no, we don’t force SSL which is why I wanted both f-e and the admin to respect the protocol the site is accessed on

Are you forcing SSL anywhere in your project. I don't think Framework / CMS auto forces SSL on "/admin" or "/Security" anymore

that’s what I think at the moment as well and that would be either the error handler or Security/login

It does sound like perhaps the Proxy middleware is not being triggered on the page / section you are having issues with.

FYI: I use Packer to build my environments, which is why the config looks like this (YAML controlled)

Hmm, seems to work okay on my Vagrant environment (using nginx as proxy).

These are the headers I am settings in Nginx.

  1. - 'Host $host'
  2. - 'Proxy ""'
  3. - 'X-Real-IP $remote_addr'
  4. - 'X-Forwarded-For $proxy_add_x_forwarded_for'
  5. - 'X-Forwarded-Host $host'
  6. - 'X-Forwarded-Proto $scheme'
  7. - 'X-Forwarded-Protocol $scheme'
  8. - 'X-Real-Port $server_port'
  9. - 'X-Forwarded-Port $server_port'

I am also using the following config changes in Nginx that may be related

  1. real_ip_header: 'X-Forwarded-For'
  3. nginx::config::proxy_connect_timeout: '120'
  4. nginx::config::proxy_send_timeout: '120'
  5. nginx::config::proxy_read_timeout: '240'
  6. nginx::config::proxy_buffer_size: '256k'
  7. nginx::config::proxy_buffers: '4 256k'

Hmm, it seems somehow connected to ErrorHandler which redirects to Security/login which when not forced to SSL actually goes to http only

it seems like the Security mechanism somehow kicks in before that and the check is_https in director always returns false