NGINX Proxy Mixed Content Error


(Zack) #1

Hi there,

Recently, a user complained to me about not being able to create an account due to there being too many accounts registered for that IP address. Turns out, this was because I was running my Discourse forum on the standard 80 and 443 ports, however I was running Discourse through Cloudflare’s proxy (to get SSL and whatnot). A fix for this would be to use NGINX to reverse proxy Discourse, and use the “realip” module that NGINX has to offer, which allows Discourse to see real user IPs, and not Cloudflare’s regional IP addresses due to the proxy.

Everything works great! However there’s one small problem. When replying or creating a topic, Discourse seems to throw an error in the console when trying to display the content preview for what you’re writing. The error is this:

Blocked loading mixed active content “http://community.phantombot.tv/assets/markdown-it-bundle-278dd87cca85c40ed9c85bff51af14639959f40df44b285fe0007619fc1be8e9.js” [Learn More] _ember_jquery-a8dcbd325e04410f036f2a791d66d8316c48c5387acdd914de99a5dd6afb3cd3.js:9248:4
Loading failed for the <script> with source “http://community.phantombot.tv/assets/markdown-it-bundle-278dd87cca85c40ed9c85bff51af14639959f40df44b285fe0007619fc1be8e9.js”.

If you’re curious, here’s my configuration for NGINX while running this setup:

server {
        listen 80;
        listen [::]:80;

        server_name community.phantombot.tv;

        location / {
                proxy_pass http://127.0.0.1:8080;
                include proxy_params;
                proxy_http_version 1.1;
                set_real_ip_from 103.21.244.0/22;
                set_real_ip_from 103.22.200.0/22;
                set_real_ip_from 103.31.4.0/22;
                set_real_ip_from 104.16.0.0/12;
                set_real_ip_from 108.162.192.0/18;
                set_real_ip_from 131.0.72.0/22;
                set_real_ip_from 141.101.64.0/18;
                set_real_ip_from 162.158.0.0/15;
                set_real_ip_from 172.64.0.0/13;
                set_real_ip_from 173.245.48.0/20;
                set_real_ip_from 188.114.96.0/20;
                set_real_ip_from 190.93.240.0/20;
                set_real_ip_from 197.234.240.0/22;
                set_real_ip_from 198.41.128.0/17;
                set_real_ip_from 2400:cb00::/32;
                set_real_ip_from 2606:4700::/32;
                set_real_ip_from 2803:f800::/32;
                set_real_ip_from 2405:b500::/32;
                set_real_ip_from 2405:8100::/32;
                set_real_ip_from 2c0f:f248::/32;
                set_real_ip_from 2a06:98c0::/29;

                # use any of the following two
                real_ip_header CF-Connecting-IP;
                #real_ip_header X-Forwarded-For;
        }
}

I tried to find a solution for this, such as installing Let’s Encrypt on the server and using both that, and Cloudflare’s cert together. Here is the NGINX configuration for that:

server {
        listen 80;
        server_name community.phantombot.tv;
        return 301 https://community.phantombot.tv$request_uri;
}

server {
        listen 443 ssl spdy;
        server_name community.phantombot.tv;
        ssl_certificate /etc/letsencrypt/live/community.phantombot.tv/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/community.phantombot.tv/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA$
        ssl_prefer_server_ciphers on;
        location / {
                proxy_pass      http://127.0.0.1:8080/;
                proxy_read_timeout      90;
                proxy_redirect  http://127.0.0.1:8080/ https://community.phantombot.tv;
        }
}

For the last proxy_pass and proxy_redirect options, I tried using http://community.phantombot.tv:8080/ for both, but it refuses to work.

Doing things this way seems to have fixed the Mixed Content error, however, the script for previewing markdown still doesn’t work. It results in this error:

Loading failed for the <script> with source "http://127.0.0.1:8080/assets/markdown-it-bundle-278dd87cca85c40ed9c85bff51af14639959f40df44b285fe0007619fc1be8e9.js".

Is there something I’m doing wrong here? I’d love to get this running, if not, it’s not too big of a loss. Thank you!
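
The trust decision expressed by the set_real_ip_from and real_ip_header lines in the first configuration, as a simplified Python model (an added example, not part of the original post and not NGINX's own code). It covers only a single-address header such as CF-Connecting-IP; the function name, the shortened range list and the sample requests are constructed for illustration.

```python
import ipaddress

# Subset of the set_real_ip_from ranges from the configuration in the post.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "103.21.244.0/22", "104.16.0.0/12", "172.64.0.0/13",
    "173.245.48.0/20", "2400:cb00::/32", "2606:4700::/32",
)]


def effective_client_ip(peer_addr, headers, header_name="CF-Connecting-IP"):
    """Return the address the backend should treat as the client.

    peer_addr is the TCP peer address; headers is a dict of request headers.
    The header is honoured only when the peer is one of the trusted proxies,
    so a client connecting directly cannot choose its own "real" address.
    """
    peer = ipaddress.ip_address(peer_addr)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return str(peer)              # direct connection: ignore the header
    wanted = header_name.lower()      # header names are case-insensitive
    value = next((v for k, v in headers.items() if k.lower() == wanted), None)
    if value is None:
        return str(peer)              # trusted proxy sent no header
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return str(peer)              # malformed header: keep the peer address


def demo():
    # Constructed sample requests: (TCP peer, request headers).
    samples = [
        ("172.64.10.5", {"CF-Connecting-IP": "198.51.100.7"}),  # via proxy
        ("203.0.113.9", {"CF-Connecting-IP": "198.51.100.7"}),  # direct client
        ("2606:4700::1", {"cf-connecting-ip": "2001:db8::42"}),  # IPv6 proxy
        ("172.64.10.5", {"CF-Connecting-IP": "not-an-ip"}),      # bad header
    ]
    return [effective_client_ip(peer, hdrs) for peer, hdrs in samples]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

If the trusted list were wider than the proxy's own ranges, the second sample would be accepted as 198.51.100.7, which is why the per-IP registration limit depends on this list being accurate.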


(Zack) #2

This topic can be closed/deleted. I fixed it by following Allowing SSL / HTTPS for your Discourse Docker setup but using Let’s Encrypt instead and setting my SSL to Full (instead of flexible) in the Cloudflare dashboard. Thanks!


(Jeff Atwood) #3