From 0fd7532de125240814c12df302cadc333b52942a Mon Sep 17 00:00:00 2001
From: Jane Sandberg <js7389@princeton.edu>
Date: Wed, 2 Oct 2024 09:30:49 -0700
Subject: [PATCH] [orangelight] Add X-Forwarded-Proto https to the catalog load
 balancer config

Without this, login and forms were failing in the catalog.  In the logs we saw:
HTTP Origin header (https://catalog-staging.princeton.edu) didn't match request.base_url (http://catalog-staging.princeton.edu)

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
Co-authored-by: Beck Davis <beck-davis@users.noreply.github.com>
Co-authored-by: Christina Chortaria <christinach@users.noreply.github.com>
Co-authored-by: Denzil Phillips <dphillips-39@users.noreply.github.com>
Co-authored-by: Francis Kayiwa <kayiwa@users.noreply.github.com>
Co-authored-by: Kevin Reiss <kevinreiss@users.noreply.github.com>
Co-authored-by: Ryan Laddusaw <rladdusaw@users.noreply.github.com>
Co-authored-by: Stephanie Ayers <stephayers@users.noreply.github.com>
Co-authored-by: Vickie Karasic <vickiekarasic@users.noreply.github.com>
---
 roles/nginxplus/files/conf/http/catalog-prod.conf    | 1 +
 roles/nginxplus/files/conf/http/catalog-qa.conf      | 1 +
 roles/nginxplus/files/conf/http/catalog-staging.conf | 1 +
 3 files changed, 3 insertions(+)

diff --git a/roles/nginxplus/files/conf/http/catalog-prod.conf b/roles/nginxplus/files/conf/http/catalog-prod.conf
index 5933a9f2e..c7aaad5d4 100644
--- a/roles/nginxplus/files/conf/http/catalog-prod.conf
+++ b/roles/nginxplus/files/conf/http/catalog-prod.conf
@@ -63,6 +63,7 @@ server {
         proxy_pass http://catalog-prod;
         proxy_set_header X-Forwarded-Host $host;
         proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-Proto https;
         proxy_cache catalog-prodcache;
         proxy_connect_timeout      2h;
         proxy_send_timeout         2h;
diff --git a/roles/nginxplus/files/conf/http/catalog-qa.conf b/roles/nginxplus/files/conf/http/catalog-qa.conf
index 02509cb41..e3bd58a85 100644
--- a/roles/nginxplus/files/conf/http/catalog-qa.conf
+++ b/roles/nginxplus/files/conf/http/catalog-qa.conf
@@ -44,6 +44,7 @@ server {
         # app_protect_security_log_enable on;
         proxy_pass http://catalog-qa;
         proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Proto https;
         proxy_cache catalog-qacache;
         limit_req zone=catalog-qa-ratelimit burst=20 nodelay;
         proxy_connect_timeout      2h;
diff --git a/roles/nginxplus/files/conf/http/catalog-staging.conf b/roles/nginxplus/files/conf/http/catalog-staging.conf
index 30e4e41dc..5d693e1b1 100644
--- a/roles/nginxplus/files/conf/http/catalog-staging.conf
+++ b/roles/nginxplus/files/conf/http/catalog-staging.conf
@@ -46,6 +46,7 @@ server {
 #        # app_protect_security_log_enable on;
         proxy_pass http://catalog-staging;
         proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Proto https;
         proxy_cache catalog-stagingcache;
         proxy_connect_timeout      2h;
         proxy_send_timeout         2h;