Add / set header vs vhost inheritance mess #2061

Open
krizhanovsky opened this issue Feb 21, 2024 · 0 comments
krizhanovsky commented Feb 21, 2024

I got the issue on the setup from #2060, but I believe it's not necessary to build the setup and maybe only two vhosts are required, probably even for the same server group. The issue happens with config

listen 80;
listen 443 proto=h2;

cache 2;
cache_fulfill * *;
cache_methods GET HEAD;
cache_purge;
# Allow purging from the containers (upstream), localhost (VM) and the host.
cache_purge_acl 192.168.100.1 10.245.18.154 127.0.0.1;

access_log on;

frang_limits {
        request_rate 200;
        http_method_override_allowed true;
        http_methods post put get;
}

block_action attack reply;
block_action error reply;

# Make WordPress to work over TLS.
# See https://tempesta-tech.com/knowledge-base/WordPress-tips-and-tricks/
req_hdr_add X-Forwarded-Proto "https";

resp_hdr_set Strict-Transport-Security "max-age=31536000; includeSubDomains";

tls_certificate /etc/tempesta/tfw-root.crt;
tls_certificate_key /etc/tempesta/tfw-root.key;

srv_group production {
        server 10.245.18.154  conns_n=2;
}

srv_group staging {
        server 10.245.18.235  conns_n=2;
}

vhost tempesta-tech.com {
        proxy_pass production;
}

vhost staging.tempesta-tech.com {
        req_hdr_set host "tempesta-tech.com";
        proxy_pass staging;
}

http_chain {
	# Redirect old URLs from the old static website
	uri == "/index"		-> 301 = /;
	uri == "/development-services" -> 301 = /network-security-performance-analysis;

	# Probably outdated redirects
	uri == "/index.html"	-> 301 = /;
	uri == "/services"	-> 301 = /development-services;
	uri == "/services.html"	-> 301 = /development-services;
	uri == "/c++-services"	-> 301 = /development-services;
	uri == "/company.html"	-> 301 = /company;
	uri == "/blog/fast-programming-languages-c-c++-rust-assembly" -> 301 = /blog/fast-programming-languages-c-cpp-rust-assembly;

	host == staging.tempesta-tech.com -> staging.tempesta-tech.com;
	host == "tempesta-tech.com" -> tempesta-tech.com;
}

In particular, I see that an HTTP request going to the 10.245.18.235 upstream contains the rewritten host from tempesta-tech.com to staging.tempesta-tech.com. This is the job of req_hdr_set host "tempesta-tech.com"; declared in the vhost configuration. However, I also expected that the request should contain x-forwarded-proto: https from the global configuration req_hdr_add X-Forwarded-Proto "https";, but it doesn't happen and I see with tcpdump that a request is forwarded as

GET / HTTP/1.1
host: tempesta-tech.com
user-agent: curl/7.81.0
x-forwarded-for: 192.168.100.1
accept: */*
via: 1.1 tempesta_fw (Tempesta FW 0.7.0)

I.e. x-forwarded-proto: https isn't set and I get a 301 redirect from WordPress.

If I add the header to the configuration

vhost staging.tempesta-tech.com {
        req_hdr_set host "tempesta-tech.com";
        req_hdr_add X-Forwarded-Proto "https";
        proxy_pass staging;
}

then I see the header in the forwarded HTTP request to the staging container.

Need to either fix the code or describe the behavior in the Wiki. Also we need a test for this, @RomanBelozerov FYI

@krizhanovsky krizhanovsky added question Questions and support tasks low priority doc labels Feb 21, 2024
@krizhanovsky krizhanovsky added this to the 0.8 - Beta milestone Feb 21, 2024
@EvgeniiMekhanik EvgeniiMekhanik self-assigned this Feb 22, 2024
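
A configuration check for the behaviour reported above, as an added example that is not part of the original issue or of the Tempesta FW code base: it lists global req_hdr_*/resp_hdr_* directives that a vhost carrying its own directives of the same direction does not repeat. It assumes that a vhost declaring any header directive for a direction stops inheriting the global ones for that direction (the issue observes this for request headers only) and that blocks are not nested; the function name and the sample are constructed.

```python
import re

# Constructed sample, trimmed from the configuration quoted in the issue.
SAMPLE = '''
req_hdr_add X-Forwarded-Proto "https";
resp_hdr_set Strict-Transport-Security "max-age=31536000; includeSubDomains";

vhost tempesta-tech.com {
        proxy_pass production;
}

vhost staging.tempesta-tech.com {
        req_hdr_set host "tempesta-tech.com";
        proxy_pass staging;
}
'''

# (direction, header name) of every header-modification directive.
HDR = re.compile(r'^\s*(req|resp)_hdr_(?:add|set)\s+([^\s;]+)', re.M)
# "<keyword> [name] { body }"; assumes blocks are not nested.
BLOCK = re.compile(r'^[ \t]*(\w+)(?:[ \t]+([^\s{]+))?[ \t]*\{([^{}]*)\}', re.M)


def headers(text):
    return {(d, h.strip('"').lower()) for d, h in HDR.findall(text)}


def dropped_headers(conf):
    """Map vhost name -> global header directives it would silently lose,
    under the assumed rule that own directives replace the inherited ones."""
    conf = re.sub(r'#.*', '', conf)            # strip comments
    global_hdrs = headers(BLOCK.sub('', conf))  # directives outside any block
    report = {}
    for kind, name, body in BLOCK.findall(conf):
        if kind != 'vhost':
            continue
        own = headers(body)
        overridden = {d for d, _ in own}        # directions the vhost redefines
        missing = sorted(g for g in global_hdrs
                         if g[0] in overridden and g not in own)
        if missing:
            report[name] = missing
    return report


if __name__ == '__main__':
    for vhost, missing in dropped_headers(SAMPLE).items():
        for direction, header in missing:
            print(f'{vhost}: global {direction}_hdr directive for "{header}" is not repeated')
```
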