fix: enable PROXY protocol by default for RadSec HAProxy deployments

mbillow · mbillow · commit b6e927aacc82 · 2026-05-17T14:39:35.000-05:00
Default radSecProxyProtocol to true in values.yaml and disable in
values-dev.yaml since dev does not use HAProxy.
diff --git a/chart/values-dev.yaml b/chart/values-dev.yaml
@@ -8,6 +8,7 @@ pint:
 # Stub config values for dev; PINT itself runs locally so these are unused,
 # but they keep 'helm lint' and 'helm template' happy.
 config:
+  radSecProxyProtocol: false
   clientID: pint-dev
   serverURL: http://localhost:8080
   ipaHost: localhost:8088
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -35,7 +35,7 @@ config:
 
   # RADIUS / RadSec
   radSecCheckCRL: true          # set false to disable CRL checking in the RadSec TLS listener
-  radSecProxyProtocol: false    # set true when HAProxy fronts FreeRADIUS and sends PROXY protocol headers
+  radSecProxyProtocol: true     # set false when HAProxy is not fronting FreeRADIUS
   radSecStatusPort: ""          # overrides the FreeRADIUS status server port (default: 18121)
   radSecStatusAddr: ""          # overrides the status server address (host:port); useful in dev when pod IPs are unreachable
 
