We are trying to set up OOD behind HAProxy similar to Putting an entire OOD setup behind a web proxy? but with the public site served on port 443 and communication between the HAProxy servers and OOD servers (backends) on port 80. In general, HAProxy config can handle this (by setting X-Forwarded-Proto to https).
We have tried: in /etc/ood/config/ood_portal.yml, set servername to the hostname of the OOD server, proxy_server to the public name of the site, and comment out ssl block so OOD server will serve on port 80. This partially works, but seems that generated links contain http://<public-site> when they need to contain https://<public-site>. There seem to be multiple places where host mismatches are detected where the conflict is with the protocol, not the hostname.
As a test only, we found that manually editing /etc/httpd/conf.d/ood-portal.conf after it’s generated, and for the ServerName directive inserting https:// before the hostname, resulted in the dashboard being displayed after Shibboleth auth completed (instead of getting a 404/not found error). Obviously, changing the Apache config after it’s generated from OOD config isn’t a solution. Also, while this test allowed display of some pages of the OOD site, it didn’t allow job submission (which seems to have a similar http vs https conflict).
Is there a way to configure OOD to make this work? If so, are there reasons why it would be advisable or not?