Merge 6c5dbf54e7bb29a4aae04b98730b386398c01e7c into 498109addb6f2541082b88cb6ae115939321873c

to ensure that the X-Forwarded-Proto and X-Forwarded-Scheme headers reflect the most accurate protocol. The resolved_proto variable prioritizes the X-Forwarded-Proto header (set by sources like Cloudflare or AWS) and falls back to $scheme when unavailable, then this value is used to set Scheme and Proto instead of $scheme

backend/templates/_location.conf

@@ -2,8 +2,8 @@
     {{ advanced_config }}
 
     proxy_set_header Host $host;
-    proxy_set_header X-Forwarded-Scheme $scheme;
-    proxy_set_header X-Forwarded-Proto  $scheme;
+    proxy_set_header X-Forwarded-Scheme $resolved_proto;
+    proxy_set_header X-Forwarded-Proto  $resolved_proto;
     proxy_set_header X-Forwarded-For    $remote_addr;
     proxy_set_header X-Real-IP		$remote_addr;
 

backend/templates/proxy_host.conf

@@ -4,6 +4,8 @@
 
 {% include "_hsts_map.conf" %}
 
+include conf.d/include/resolved_proto_map.conf;
+
 server {
   set $forward_scheme {{ forward_scheme }};
   set $server         "{{ forward_host }}";

docker/rootfs/etc/nginx/conf.d/include/proxy.conf

@@ -1,8 +1,7 @@
 add_header       X-Served-By $host;
 proxy_set_header Host $host;
-proxy_set_header X-Forwarded-Scheme $scheme;
-proxy_set_header X-Forwarded-Proto  $scheme;
+proxy_set_header X-Forwarded-Scheme $resolved_proto;
+proxy_set_header X-Forwarded-Proto  $resolved_proto;
 proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
 proxy_set_header X-Real-IP          $remote_addr;
 proxy_pass       $forward_scheme://$server:$port$request_uri;
-

docker/rootfs/etc/nginx/conf.d/include/resolved_proto_map.conf

@@ -0,0 +1,7 @@
+# Resolve the effective protocol: use X-Forwarded-Proto if set
+# (e.g., from proxies like Cloudflare or AWS)
+# otherwise fall back to the current scheme.
+map $http_x_forwarded_proto $resolved_proto {
+    default $scheme;
+    ~.+ $http_x_forwarded_proto;
+}