X-Forwarded-Proto not honored?

[raphink]

In the provided example for https setup, Nginx is set up with proxy_set_header X-Scheme $scheme; to let oauth2_proxy know that the scheme is https. In haproxy however, another header is usually passed instead with http-request add-header X-Forwarded-Proto https if { ssl_fc }. I'm guessing oauth2_proxy doesn't understand that header.

Here are the steps to reproduce:

• Clean existing oauth2_proxy cookies
• Setup the LB to accept both 80 and 443
• Setup github application for http:// with http:// callback URL
• Access page at https://
• Get a login page => redirected to http:// (no HTTPS)
• Access page at https:// again => no redirection

This shows that oauth2_proxy does not know about the HTTPS scheme used on the service page, and thus requests an HTTP callback.

A workaround that worked for me is to pass the -redirect-url parameter to oauth2_proxy, forcing it to use https://, but it would be better if oauth2_proxy honored haproxy's headers instead.