Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nginx: Mixed content without proxy headers #2853

Open
pglombardo opened this issue Dec 10, 2024 · 4 comments
Open

nginx: Mixed content without proxy headers #2853

pglombardo opened this issue Dec 10, 2024 · 4 comments
Labels
question

Comments

@pglombardo
Copy link
Owner

Hi,

regarding this issue using nginx reverse proxy:

We are unable to set:

proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;

We set:

  PWP__OVERRIDE_BASE_URL: 'https://**************.de'
  PWP__HOST_PROTOCOL: 'https'

Via docker compose.

Unfortunately still no luck:

Mixed Content: The page at 'https:// **************.de/' was loaded over HTTPS, but requested an insecure resource 'http:// .de/p/1eq/preview'. This request has been blocked; the content must be served over HTTPS.

Any ideas?

Originally posted by @DediCATeD88 in #1193 (comment)
@pglombardo pglombardo mentioned this issue Dec 10, 2024
Closed
@pglombardo
Copy link
Owner Author

Just curious - why can't you set those proxy headers?

In the pwpush Docker container, could you set the environment variable FORCE_SSL=true? This should force all loaded content to be done via SSL. This is an older setting that may help here.

Let me know.

@DediCATeD88
Copy link

DediCATeD88 commented Dec 11, 2024
edited
Loading

Hi,

thank you very much. Our firewall vendor which we are using in our company does not offer to set these options:
https://wiki.securepoint.de/index.php?title=UTM/APP/Reverse_Proxy&uselang=en

And this is our central reverse proxy / firewall. So we need to use this vendor / reverse proxy.

FORCE_SSL: 'true' gives us ERR_TOO_MANY_REDIRECTS in chrome and edge.

We have now tried

  PWP__HOST_DOMAIN: '**************.de'
  PWP__HOST_PROTOCOL: 'https'
  PWP__OVERRIDE_BASE_URL: 'https://**************.de'
  FORCE_SSL: 'true'

in different variants and only one setting at a time. FORCE_SSL: 'true' gives us ERR_TOO_MANY_REDIRECTS the rest of the options the Push It! Button tries to redirect to http instead of https. If we follow the chrome error message “Mixed Content: The page at 'https:// **************.de/' was loaded over HTTPS, but requested an insecure resource 'http:// .de/p/1eq/preview'. This request has been blocked; the content must be served over HTTPS” and replace http 'http:// .de/p/1eq/preview' with https everything is working. Even the link gets generated with https, only the PushIt! Button tries to go to http.

Any ideas? If not we will discuss

proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;

with our firewall vendor.

@pglombardo
Copy link
Owner Author

Hi @DediCATeD88 - unfortunately that is all that exists for options to potentially fix it. The too many redirects likely means that the backend app is redirecting to HTTPs but the firewall is passing back HTTP again.

Setting those headers would really be the best option if possible.

@DediCATeD88
Copy link

Ok thank you we will check back with our firewall vendor

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pglombardo @DediCATeD88