Foreman has a separate
unattended_url setting which refers to the HTTP URL the Foreman application is served with. This is needed to support provisioning on installers that don’t support HTTPS.
There is also a
templates module in Foreman Proxy which can serve over HTTP if the Proxy is enabled over HTTP. When this is available and enabled for provisioning, the host doesn’t contact Foreman over HTTP. This module is enabled by default in the Katello scenario but not Foreman where Foreman Proxy only listens on HTTPS.
Not having to serve over HTTP means the installer can let Apache redirect the user to HTTPS rather than using a Ruby application to do so. This saves memory by not having to run an entire Ruby application. It will also be more secure. Considerations will need to be made for Katello where Pulp is also served within the same vhost.
It would be useful to have an overview of provisioning installers and their HTTP/HTTPS support.