Gitlab should not require X-Forwarded-Ssl: on if behind the HTTPS enabled reverse proxy when X-Forwarded-Proto: https is set
I have an HTTPS-enabled reverse proxy which sets `X-Forwarded-Proto: https` when communicating with Gitlab. I think this should be enough to convey that it is behind HTTPS. As it seems, this is not enough and `X-Forwarded-Ssl: on` has to be added as well for Gitlab to work in all cases.
I would suggest that Gitlab behaves the same if either `X-Forwarded-Ssl: on` or `X-Forwarded-Proto: https` is set and it does not require both to be set.
Researching this it seems this has been a problem quite a lot in the past for many:
- omnibus-gitlab#489 (comment 1037409)
- gitlab-recipes@2fa3ec7a
- https://forum.gitlab.com/t/nginx-as-reverse-proxy-for-gitlab-with-ssl/1641
It had to even be documented: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl
This really should not be necessary. The issue is that in our case we use the same reverse proxy for many containers and we had issues only with Gitlab.
Tested on version 8.16.6.
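
The behaviour requested above, as an added Ruby sketch that is not GitLab's code and not part of the original report: either header alone marks the request as HTTPS, and both are honoured only when the peer is a known proxy, since a client can otherwise send these headers itself. `forwarded_https?`, `trusted_proxy?` and the addresses in `TRUSTED_PROXIES` are hypothetical.

```ruby
require 'ipaddr'

# Constructed sample values: the networks the reverse proxy connects from.
TRUSTED_PROXIES = [IPAddr.new('127.0.0.1'), IPAddr.new('10.0.0.0/8')].freeze

# True when the TCP peer (REMOTE_ADDR) is one of our own proxies.
def trusted_proxy?(remote_addr)
  addr = remote_addr.to_s.strip
  return false if addr.empty?

  ip = IPAddr.new(addr)
  TRUSTED_PROXIES.any? { |net| net.include?(ip) }
rescue IPAddr::Error
  false # unparsable peer address: never trust its headers
end

# Decide whether the original client request used HTTPS, given a Rack-style env.
def forwarded_https?(env)
  # TLS terminated by this server itself.
  return true if env['HTTPS'] == 'on' || env['rack.url_scheme'] == 'https'

  # Forwarded headers are attacker-controlled unless they come from the proxy.
  return false unless trusted_proxy?(env['REMOTE_ADDR'])

  ssl = env['HTTP_X_FORWARDED_SSL'].to_s.strip.downcase
  # Assumption: with a comma-separated chain, the first entry describes the
  # client-facing hop.
  proto = env['HTTP_X_FORWARDED_PROTO'].to_s.split(',').first.to_s.strip.downcase

  # Either header is sufficient; requiring both is what the issue objects to.
  ssl == 'on' || proto == 'https'
end
```
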