From 7286dec3ff166a201ee541af7b2c4caea4d0057a Mon Sep 17 00:00:00 2001
From: Patrik Lundin <patlu@sunet.se>
Date: Tue, 15 Oct 2024 16:29:31 +0200
Subject: [PATCH] Make sure X-Forwarded-Proto is set

Needed to cache http and https responses separately via Vary header
---
 .../etc/puppet/modules/cdn/templates/cache/varnish.vcl.erb      | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/global/overlay/etc/puppet/modules/cdn/templates/cache/varnish.vcl.erb b/global/overlay/etc/puppet/modules/cdn/templates/cache/varnish.vcl.erb
index 7954311..4232716 100644
--- a/global/overlay/etc/puppet/modules/cdn/templates/cache/varnish.vcl.erb
+++ b/global/overlay/etc/puppet/modules/cdn/templates/cache/varnish.vcl.erb
@@ -43,11 +43,13 @@ sub vcl_recv {
   # The usage of the proxy module is possible because haproxy is configured
   # to set PROXY SSL headers for us.
   if (proxy.is_ssl()) {
+    set req.http.X-Forwarded-Proto = "https";
     std.syslog(180, "RECV: this is https");
     if (req.http.host == "<%= @cache_secrets['customers'][@customer]['host'] %>") {
       set req.backend_hint = destination_https;
     }
   } else {
+    set req.http.X-Forwarded-Proto = "http";
     std.syslog(180, "RECV: this is http");
     if (req.http.host == "<%= @cache_secrets['customers'][@customer]['host'] %>") {
         set req.backend_hint = destination_http;