diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Changelog
 
+## [15.1.1](https://github.com/theforeman/puppet-foreman/tree/15.1.1) (2020-10-14)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman/compare/15.1.0...15.1.1)
+
+**Fixed bugs:**
+
+- Fixes [\#30535](https://projects.theforeman.org/issues/30535) - Set HTTP headers proxy requests [\#872](https://github.com/theforeman/puppet-foreman/pull/872) ([hsahmed](https://github.com/hsahmed))
+- Fixes [\#30789](https://projects.theforeman.org/issues/30789) - Set DB pool size dynamically [\#882](https://github.com/theforeman/puppet-foreman/pull/882) ([ekohl](https://github.com/ekohl))
+
 ## [15.1.0](https://github.com/theforeman/puppet-foreman/tree/15.1.0) (2020-08-07)
 
 [Full Changelog](https://github.com/theforeman/puppet-foreman/compare/15.0.2...15.1.0)

diff --git a/manifests/config.pp b/manifests/config.pp
@@ -35,6 +35,12 @@
     mode  => '0640',
   }
 
+  if $foreman::use_foreman_service {
+    $db_pool = max($foreman::db_pool, $foreman::foreman_service_puma_threads_max)
+  } else {
+    $db_pool = $foreman::db_pool
+  }
+
   file { '/etc/foreman/database.yml':
     owner   => 'root',
     group   => $foreman::group,

diff --git a/manifests/config/apache.pp b/manifests/config/apache.pp
@@ -196,6 +196,11 @@
         'set SSL_CLIENT_S_DN ""',
         'set SSL_CLIENT_CERT ""',
         'set SSL_CLIENT_VERIFY ""',
+        'unset REMOTE_USER',
+        'unset REMOTE_USER_EMAIL',
+        'unset REMOTE_USER_FIRSTNAME',
+        'unset REMOTE_USER_LASTNAME',
+        'unset REMOTE_USER_USER_GROUPS',
       ],
       'proxy_pass'          => {
         'no_proxy_uris' => $proxy_no_proxy_uris,
@@ -219,6 +224,11 @@
         'set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"',
         'set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"',
         'set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"',
+        'unset REMOTE_USER',
+        'unset REMOTE_USER_EMAIL',
+        'unset REMOTE_USER_FIRSTNAME',
+        'unset REMOTE_USER_LASTNAME',
+        'unset REMOTE_USER_USER_GROUPS',
       ],
     }
 

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -83,7 +83,8 @@
 #
 # $db_root_cert::                 Root cert used to verify SSL connection to postgres
 #
-# $db_pool::                      Database 'production' size of connection pool
+# $db_pool::                      Database 'production' size of connection pool. When running as a reverse proxy,
+#                                 the value of `$foreman_service_puma_threads_max` is used if it's higher than `$db_pool`.
 #
 # $db_manage_rake::               if enabled, will run rake jobs, which depend on the database
 #

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "theforeman-foreman",
-  "version": "15.1.0",
+  "version": "15.1.1",
   "author": "theforeman",
   "summary": "Foreman server configuration",
   "license": "GPL-3.0+",

diff --git a/spec/classes/foreman_config_apache_spec.rb b/spec/classes/foreman_config_apache_spec.rb
@@ -219,7 +219,12 @@
                   'set X_FORWARDED_PROTO "http"',
                   'set SSL_CLIENT_S_DN ""',
                   'set SSL_CLIENT_CERT ""',
-                  'set SSL_CLIENT_VERIFY ""'
+                  'set SSL_CLIENT_VERIFY ""',
+                  'unset REMOTE_USER',
+                  'unset REMOTE_USER_EMAIL',
+                  'unset REMOTE_USER_FIRSTNAME',
+                  'unset REMOTE_USER_LASTNAME',
+                  'unset REMOTE_USER_USER_GROUPS'
                 ])
                 .with_proxy_pass(
                   "no_proxy_uris" => ['/pulp', '/pulp2', '/streamer', '/pub', '/icons'],
@@ -245,7 +250,12 @@
                   'set X_FORWARDED_PROTO "https"',
                   'set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"',
                   'set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"',
-                  'set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"'
+                  'set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"',
+                  'unset REMOTE_USER',
+                  'unset REMOTE_USER_EMAIL',
+                  'unset REMOTE_USER_FIRSTNAME',
+                  'unset REMOTE_USER_LASTNAME',
+                  'unset REMOTE_USER_USER_GROUPS'
                 ])
                 .with_ssl_proxyengine(true)
                 .with_proxy_pass(

diff --git a/spec/classes/foreman_spec.rb b/spec/classes/foreman_spec.rb
@@ -80,7 +80,7 @@
         end
 
         it 'should contain foreman::config::apache' do
-          passenger_ruby = if facts[:osfamily] == 'RedHat' && facts[:os]['release']['major'] = '7'
+          passenger_ruby = if facts[:osfamily] == 'RedHat' && facts[:os]['release']['major'] == '7'
                              '/usr/bin/tfm-ruby'
                            elsif facts[:osfamily] == 'Debian'
                              '/usr/bin/foreman-ruby'

diff --git a/templates/database.yml.erb b/templates/database.yml.erb
@@ -27,6 +27,4 @@
 <% unless (password = scope.lookupvar("::foreman::db_password")) == 'UNSET' -%>
   password: "<%= password %>"
 <% end -%>
-<% unless (pool = scope.lookupvar("::foreman::db_pool")) == 'UNSET' -%>
-  pool: <%= pool %>
-<% end -%>
+  pool: <%= @db_pool %>
diff --git a/templates/lookup_identity.conf.erb b/templates/lookup_identity.conf.erb
@@ -3,6 +3,14 @@
   LookupUserAttr email REMOTE_USER_EMAIL
   LookupUserAttr firstname REMOTE_USER_FIRSTNAME
   LookupUserAttr lastname REMOTE_USER_LASTNAME
+  LookupUserGroups REMOTE_USER_GROUPS :
   LookupUserGroupsIter REMOTE_USER_GROUP
+
+  # Set headers for proxy requests
+  RequestHeader set REMOTE_USER %{REMOTE_USER}e
+  RequestHeader set REMOTE_USER_EMAIL %{REMOTE_USER_EMAIL}e
+  RequestHeader set REMOTE_USER_FIRSTNAME %{REMOTE_USER_FIRSTNAME}e
+  RequestHeader set REMOTE_USER_LASTNAME %{REMOTE_USER_LASTNAME}e
+  RequestHeader set REMOTE_USER_GROUPS %{REMOTE_USER_GROUPS}e
 </LocationMatch>