If eZ Publish uses Varnish and additional node for processing SSL connections then images URI contains wrong protocol (http:// instead of https://).

Environment configuration:

1. Option 1 (same as customer configuration)
   • haproxy - process SSL connection, "unpacks" it and forward HTTP request to Varnish
   • Varnish - process HTTP request, deliver cached content or if MISS sends request backed
   • Apache2 - vhost for eZ Publish, configured for HTTP connections

1. Option 2 (created for additional test)
   • Apache2 - vhost for processing HTTPS requests, listen on 443 port, has configured proxy to Varnish. "Unpacks" HTTPS request and forward it to Varnish.
   • Varnish - process HTTP request, deliver cached content or if MISS sends request backed
   • Apache2 - vhost for eZ Publish, configured for HTTP connections

Steps to reproduce:

1. Configure environment in accordance with instruction above
2. Go to https://ip:port of your haproxy/Apache2 (SSL) node
   All images served by the new stack won't be loaded. If you take a look at page source, you can see that every image has URI starting with *http://*.
   Images served by legacy (if any) will be loaded normally because they have relative URIs.

Additional information:

1. IORepositoryResolver::getBaseUrl() - in this case returns URL with *http://*
   (https://github.com/ezsystems/ezpublish-kernel-ee/blob/v5.4.10/eZ/Bundle/EzPublishCoreBundle/Imagine/IORepositoryResolver.php#L162-L187). In general, this behavior is correct, because in fact there is HTTP request, but later it is "packed" back to HTTPS by haproxy.