From a6ddc5088c76c999f9ff68e6a5b3e5d46f172598 Mon Sep 17 00:00:00 2001
From: Justin Russell <38231076+justin-russell@users.noreply.github.com>
Date: Tue, 11 Jun 2024 10:35:28 -0500
Subject: [PATCH] Add X-Forwarded-Proto header in reverse_proxy (#56)

---------

Co-authored-by: Mo Balaa <thebalaa@users.noreply.github.com>
---
 src/client-link/entrypoint.sh | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/client-link/entrypoint.sh b/src/client-link/entrypoint.sh
index 43c0b64..3be694b 100755
--- a/src/client-link/entrypoint.sh
+++ b/src/client-link/entrypoint.sh
@@ -21,28 +21,37 @@ if [ -z ${FORWARD_ONLY+x} ]; then
         echo "Configure Caddy for use with TLS backend"
         if [ ! -z ${CADDY_TLS_INSECURE+x} ]; then   # if CADDY_TLS_INSECURE
             echo "Skip TLS verification"
-            export EXPOSE=$(cat <<-END
+            EXPOSE=$(cat <<-END
 $EXPOSE {
          transport http {
             tls
             tls_insecure_skip_verify
             read_buffer 8192
          }
+         header_up X-Forwarded-Proto {scheme}
        }
 END
 )
 
         else    # CADDY_TLS_INSECURE is false
-            export EXPOSE=$(cat <<-END
+            EXPOSE=$(cat <<-END
 $EXPOSE {
          transport http {
             tls
             read_buffer 8192
          }
+         header_up X-Forwarded-Proto {scheme}
        }
 END
 )
         fi
+        else
+         EXPOSE=$(cat <<-END
+$EXPOSE {
+         header_up X-Forwarded-Proto {scheme}
+       }
+END
+)
     fi
 
     CADDYFILE='/etc/Caddyfile'
@@ -72,6 +81,7 @@ END
 END
     )
     fi
+    export EXPOSE
     export TLS_INTERNAL_CONFIG
     envsubst < /etc/Caddyfile.template > $CADDYFILE
     caddy run --config $CADDYFILE