SSL Offloading Problems since Shopware 6.4.12.0 - ssl

We are running Shopware 6 on an Apache HTTP web server in Docker on our CI. Then Traefik is doing the SSL termination.
Now on a new Shopware 6.4.12.0 setup we have the problem that the admin interface, which is accessed via https://example.com/admin, tries to load its resources from http://example.com/admin.
We believe that is because Shopware sees only the HTTP connection and does not know how to construct the right URLs.
APP_URL in the .env is set to https://example.com
Is this a new behavior in 6.4.12.0? How can the SSL offloading be configured?

Looks like we simply forgot a .env setting on the new instance
TRUSTED_PROXIES=127.0.0.1,127.0.0.2,172.0.0.0/8
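
Added example (not part of the original answer, and not Shopware's or Symfony's code): a simplified Python model of the check that a trusted-proxy list such as TRUSTED_PROXIES controls. The forwarded scheme is honoured only when the connecting peer is in the list, and the hypothetical helper `overly_broad` flags entries that reach beyond loopback and RFC 1918 space; the peer addresses and the narrower list are constructed sample values.

```python
import ipaddress

# Value copied from the answer above.
ANSWER_VALUE = "127.0.0.1,127.0.0.2,172.0.0.0/8"
# Constructed comparison value; assumes the proxy sits on a Docker bridge in RFC 1918 space.
NARROW_VALUE = "127.0.0.1,172.16.0.0/12"

# Loopback plus the RFC 1918 private ranges (IPv4 only in this model).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_trusted(value):
    """Parse a comma-separated TRUSTED_PROXIES-style string into networks."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in value.split(",") if p.strip()]


def effective_scheme(remote_addr, headers, trusted):
    """Scheme the application should use when it builds absolute URLs.

    X-Forwarded-Proto is honoured only when the TCP peer is a trusted proxy;
    from any other peer the header is client-controlled and is ignored.
    """
    peer = ipaddress.ip_address(remote_addr)
    if any(peer in net for net in trusted):
        proto = headers.get("X-Forwarded-Proto", "").split(",")[0].strip().lower()
        if proto in ("http", "https"):
            return proto
    return "http"  # the hop from the TLS terminator to the backend is plain HTTP


def overly_broad(trusted):
    """Trusted entries that are not contained in loopback or RFC 1918 space."""
    return [str(n) for n in trusted
            if not any(n.subnet_of(i) for i in INTERNAL)]


if __name__ == "__main__":
    hdr = {"X-Forwarded-Proto": "https"}
    # No trusted proxies configured: the symptom from the question (http:// URLs).
    print(effective_scheme("172.18.0.2", hdr, []))
    # With the setting from the answer, the proxy's header is honoured.
    print(effective_scheme("172.18.0.2", hdr, parse_trusted(ANSWER_VALUE)))
    # Entries in the answer's value that cover non-private address space.
    print(overly_broad(parse_trusted(ANSWER_VALUE)))
```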

Related

How to use Apache to redirect requests for Node-Red?

I'm running in AWS an Ubuntu with a Docker server (managed by Portainer) with these two running containers:
1 - NodeRed (Serving my APIs)
2 - Apache (Hosts the site that consumes the APIs from NodeRed above)
I've configured a domain for this server and set Apache to work with SSL. Apache is running OK with my site through HTTPS, but the problem is that the NodeRed (that runs on port 1080) is not configured to run with SSL. This causes a malfunction in my website, since my API endpoints are running under HTTP and are being blocked by the browser due to security reasons.
The question is: is there a way to create some kind of "mapping" in Apache that receives the request from HTTPS and redirects it to the NodeRed in HTTP (the two are running on the same server)?
My idea is to create a subdomain like https://api.mysite.com that sends the request to Apache, and then Apache redirects it to my NodeRed. Is that possible?

There is no need to expose the API to the outside world if you don't want to. Since your Apache is running correctly and both containers are running on the same host, just use a proxy to forward API requests to the API container.
You can achieve this by adding two lines to your Apache config, i.e.:
ProxyPass /api/ http://127.0.0.1:1080/
ProxyPassReverse /api/ http://127.0.0.1:1080/

Configure http to https redirection in wildfly

I have a myapp.war deployed on my Wildfly 10.1.0 server. All HTTP requests are redirected to HTTPS using the 8443 port.
Is there a configuration in Wildfly to make an exception for a specific URL?
For example I'd like that http://localhost:8080/myapp/unprotected doesn't redirect to https://localhost:8443/myapp/unprotected.
Thanks,

You specify security constraints as described in The Java EE 6 Tutorial, Volume I.
One for the protected and one for the unprotected resources. For the latter you omit the user-data-constraint.

Drupal - Mixed content error when using ssl certificate

I had a Drupal installation working fine. I tried to migrate it to a Docker container running behind an nginx reverse proxy. Everything seems fine, but I have some .js and .css files that can't load because in Drupal they are linked with http. The error is:
Mixed Content: The page at https://proxy.xx.xx/ was loaded over HTTPS, but requested an insecure stylesheet http://proxy.xx.xx/sites/default/files/css/css_xE-rWrJf-fncB6ztZfd2huxqgxu4WO-qwma6Xer30m4.css'. This request has been blocked; the content must be served over HTTPS.
I have something like 7 of them and I can't find where those files are called in Drupal or how to change the http to https.
Best regards.

Alright, so I got it to work by adding the following to the Drupal settings.php:
$conf['reverse_proxy'] = TRUE;
$base_url = 'https://whatever-your-domain-is.com';
$conf['reverse_proxy_addresses'] = array('internal_nginx_proxy_ip');
$conf['reverse_proxy_header'] = 'HTTP_X_FORWARDED_FOR';
This works for jwilder's nginx-proxy container(s) together with JrCs' letsencrypt companion container. The nginx container is handling the HTTPS/SSL (certificates) and talks HTTP with the Drupal-container internally. The Drupal container only needs to be run with the 3 ENV VARS VIRTUAL_HOST, LETSENCRYPT_HOST, LETSENCRYPT_EMAIL for everything to be set up and work its magic.
Only downside: The Drupal container's apache logs show the internal IP of the nginx proxy. But the nginx logs show the correct client IPs and Drupal apparently gets them right as well, so it's only a minor nuisance for me.
I guess the additions to the settings.php should also be applicable to custom/manual setups.

We found what was wrong. Drupal was communicating with the Nginx proxy without SSL. Some config and it was OK.

Does configuring a web server with SSL break regular HTTP

I'm in the process of getting an SSL certificate for my website, which I'm running off a VPS. My website also serves as a web service for some iOS/Android applications to fetch data from. I'm just wondering if installing and configuring an SSL certificate in Apache will force everyone to contact the web server over HTTPS and refuse regular HTTP calls. Hence, will my applications break until I've released an update making all server calls use HTTPS?
Cheers

Apache can handle both HTTP and HTTPS at the same time.
Normally you set up your HTTP site under something like httpd.conf, which includes a line (might be commented out) something like:
Include extra/httpd-ssl.conf
which tells Apache to load additional configuration from the httpd-ssl.conf file located in the 'extra' directory.
If you did a standard install of Apache, then the httpd-ssl.conf file is already there with a generic template for the HTTPS site; just modify it as necessary and (if needed) uncomment the Include line above in httpd.conf.

Configure Varnish with SSL for Drupal 7 application

I have 2 servers, one running my Drupal 7 application through Apache on RHEL 6 and another server is running Varnish Cache. Apache is configured to run on custom HTTP port 8080. I want this application to run on 9443 port with SSL with Varnish Caching support.
I have tried Stunnel, but the site appears broken as the CSS is not being loaded. I have tried Nginx for SSL termination, but browsers complain that there is mixed content, as Drupal is generating URLs for resources with "http://".
Any help regarding this will be highly appreciated. Thanks a lot.

Your problem is that, according to Drupal, you are running HTTP, and therefore it will also return http links, which causes your mixed content issue. Have you set your base_url to https?