Using HAProxy or Apache HTTP Server as a TLS termination proxy I found that 
setting X-Forwarded-Proto="https" in the header on the proxy 
org.apache.tapestry5.services.Request::isSecure returns true . That's good!
In tapestry.production-mode=true I am getting absolute URLs. E.g. 
http://example.com/index.mycompo.form.
By setting -Dtapestry.secure-enabled=false seems to solve this. Now I am 
getting a relative URL. (/index.mycompo.form).
I can see that with X-Forwarded-Proto="https" set, 
org.apache.tapestry5.internal.services. 
RequestSecurityManager::checkPageSecurity returns LinkSecurity.SECURE. That's 
good!

For me it seems that this is the correct solution, but I find it nice if some 
tapestry experts can confirm this!

Reply via email to