Support load balancers

Would a patch be accepted that does not provide this support to the apache servers?

Yes, an Nginx-only patch would be fine. Apache work on this can be done later. Thanks for doing this!

Please be aware that the SSL/HTTPS functionality in core (Provision) is essentially deprecated. We're about to roll out Aegir HTTPS which is the replacement. If you could add a merge request over there for the HTTPS stuff as well, it would be fantastic.

It will be ready for testing as soon as I get Replace all references to upstream project letsencrypt.sh with 'dehydrated' completed, which I'm working on right now. Take a look at the issue queue, but the one thing that'll be missing is support for certificates other than Let's Encrypt. The issue for that is Add a 'manual' Certificate implementation. Patches welcome! The original goal of the project was to add Let's Encrypt support to Aegir as per #2629560: [meta] Let's encrypt support, so nobody's looking at other certificates yet.

So it's not ready for Production today, but I'm planning to have it in that state for one of my projects (php7+nginx) by the end of the month, having LE certs for all hosted sites.

Other testers would really help. :)

Note that reverse proxy support has been discussed for a long time: #1047174: Reverse proxy support

Ideally, this'd be implemented as a separate service type (proxy), for which we could have a default implementation (nginx). This'd make Apache support moot, as an Nginx proxy can sit in front of an Apache web server. This would also allow Varnish (or other) support later on.

Ah, my mistake. Would context appended to the server or platform config, or in the pre.d/ dir not work?

The patch looks good to me, but you can't assume that the server was built with --with-http_realip_module, so perhaps the extra check would be a good idea, like we do this for some other modules?

I need a little helper on top of these changes to support using this patch for its Provision_Service_http_public public changes to fix #2952716: Support load balancers (hosting_https+ui) not getting https_proxy_type passed through to provisioning properly.

Unfortunately even with the latest patch the settings from UI are not reflected either in the backend nor in the drush aliases file.

When debugging, I noticed that $this->server->https_proxy_type is always 0 disregarding of the selected value.