Front nginx https reverse proxy to discourse http

Hello

I have nginx runnig on 443 accepting traffic on https://discourse.example.com and sending it to discourse on that is running on port 8080…

When I connect to https://discourse.example.com the discourse serves welcome page and issues a warning: “Your connection to this site is not fully secured” (and it claims that some links and images on page are mixed) …

I can see all traffic being served via https, and the few http requests that appear get redirected and re-requested on https…

looking at the page source of the served discourse welcome page, I found a few http: // references (where I would expect https: //)
for example: <link rel="apple-touch-icon" type="image/png" href="http://discourse.example.com/images/default-apple-touch-icon.png"...
or: href="http://discourse.example.com/opensearch.xml"

How does one change so that that it provides everything via https??
this is what my nginx has for 443 port:

location / {
            proxy_pass http://localhost:8080;
            proxy_set_header Host $http_host;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Host $host:443;  # added this no help
            proxy_set_header X-Forwarded-Port 443;  # added this no help
            add_header Front-End-Https on;  # added this no help
            proxy_set_header X-Real-IP $remote_addr;  # added this no help
        }

exact error (except with different domain name) is :
SEC7137: [Mixed-Content] The origin 'https://discorurse.example.com' was loaded in a secure context and loaded an optionally blockable insecure image resource at 'http://discourse.example.com/uploads/default/original/1X/a49b3195c893e60f12b7829dd86f40b1790269fb.png'.

Thank you

Check the force_https site setting in the admin console.

4 Likes

Thank you, that looks to have worked.