Using HAProxy or Apache HTTP Server as a TLS termination proxy I found that setting X-Forwarded-Proto="https" in the header on the proxy org.apache.tapestry5.services.Request::isSecure returns true . That's good! In tapestry.production-mode=true I am getting absolute URLs. E.g. http://example.com/index.mycompo.form. By setting -Dtapestry.secure-enabled=false seems to solve this. Now I am getting a relative URL. (/index.mycompo.form). I can see that with X-Forwarded-Proto="https" set, org.apache.tapestry5.internal.services. RequestSecurityManager::checkPageSecurity returns LinkSecurity.SECURE. That's good!
For me it seems that this is the correct solution, but I find it nice if some tapestry experts can confirm this!
