Hello
I have nginx runnig on 443 accepting traffic on https://discourse.example.com and sending it to discourse on that is running on port 8080…
When I connect to https://discourse.example.com the discourse serves welcome page and issues a warning: “Your connection to this site is not fully secured” (and it claims that some links and images on page are mixed) …
I can see all traffic being served via https, and the few http requests that appear get redirected and re-requested on https…
looking at the page source of the served discourse welcome page, I found a few http: // references (where I would expect https: //)
for example: <link rel="apple-touch-icon" type="image/png" href="http://discourse.example.com/images/default-apple-touch-icon.png"...
or: href="http://discourse.example.com/opensearch.xml"…
How does one change so that that it provides everything via https??
this is what my nginx has for 443 port:
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host:443; # added this no help
proxy_set_header X-Forwarded-Port 443; # added this no help
add_header Front-End-Https on; # added this no help
proxy_set_header X-Real-IP $remote_addr; # added this no help
}
exact error (except with different domain name) is :
SEC7137: [Mixed-Content] The origin 'https://discorurse.example.com' was loaded in a secure context and loaded an optionally blockable insecure image resource at 'http://discourse.example.com/uploads/default/original/1X/a49b3195c893e60f12b7829dd86f40b1790269fb.png'.
Thank you