We recently had an admin make some changes to foreman in updating certificates. One change that was made was to move foreman-proxy to listen on localhost:8000. Everything is working as expected with one exception and that involves importing puppet environments.
First, if you navigate to configure -> classes in foreman and then click on Import Environments, you will get an error message "Unable to get environments from Puppet ". You can get the same message from a couple of other places in the gui. From the foreman cli, running ‘foreman-rake puppet:import:puppet_classes’ will also give you the same error message.
In my case these endpoints are enabled on HTTPS which is port 8443 or 9090 depending on installation scenario. Then you can only connect to these ports. Make sure your proxy is registered via HTTPS port, the HTTP endpoint is only used for some services like kickstart or HTTP booting but it should not definitely be used to communicate puppet CA certs.
The Foreman Proxy modules are all configured via the enabled flag. This can have a few values
https - listen on HTTPS
http - listen on HTTP
true - listen on both HTTP and HTTPS
false - disable the module
The installer always prefers https unless it really needs to be exposed over HTTP (think about provisioning templates where kickstart may not support HTTPS) in which case we use true (since Foreman always uses HTTPS).
(Yes, reading this immediately made me wonder why monitoring is different - these are providers, not modules)
To get the correct info about which modules are active, I’d refer to Foreman :: Foreman Proxy Registration Protocol v2 explained under the header Version 2, but then I noticed you’re on a very old version that doesn’t have this interface. However, it may still be that it’s enabled in the config but fails to start up properly. This should also be visible in the logs.