fix: add X-Forwarded-Proto header to HTTPS frontend for backend connection awareness

ansible/haproxy/haproxy.cfg.j2

@@ -59,6 +59,8 @@ frontend https_frontend
     mode http
     option httplog
     option forwardfor
+    # Tell backends the original connection was HTTPS (TLS terminates here)
+    http-request set-header X-Forwarded-Proto https
 
     # Security headers
     http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains"