1

I installed nginx on a server at my work so that we can use it as a reverse proxy with SSL on our applications. I followed some articles online and created a self-signed certificate with this:

 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt

So after making the configurations under /etc/nginx/sites-available and restarting nginx, I ran into a problem.

2 out of the 3 apps that are running under my server seem to work fine; the only "issue" is that the certificate is not from a CA so you need to add an exception, but I guess that's alright for now. These 2 are a Node.js app and Jenkins.

Now for the third app, the problem is that it is not loading the scripts. More precisely, they are running in Chrome, Opera and Firefox, but only when I click on the little shield on the right of the URL to allow running unsafe scripts as shown below:


Now, what I want to achieve is to load the scripts from all browsers without the need to click to allow the scripts to run, as it does with the Node.js app where the scripts run by default. This app is built with the combination of Maven, Jenkins, Docker and Backbone. I was not a part of the development so I don't know many things about the app. So I wonder if I have to change any configurations in Maven, Docker or Backbone so that the scripts can run by default, as they were when using HTTP.

Here is the configuration file for reverse proxying for my app:

server {
    listen 80;
    return 301 https://$host$request_uri;
}

server {

    listen 443;
    server_name mysub.domain.com;

    ssl_certificate           /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key       /etc/nginx/ssl/nginx.key;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/myapp.access.log;

    location / {

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Fix the "It appears that your reverse proxy set up is broken" error.
      proxy_pass          http://localhost:myport;
      proxy_read_timeout  90;

      proxy_redirect      http://localhost:myport https://mysub.domain.com;
    }
}

And finally, here is the conf file without ssl that runs the scripts normally:

server {
    listen 80;

    server_name mysub.domain.com;

    location / {
        proxy_pass http://127.0.0.1:myport;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Sorry for the long post, thank you in advance for any tips that may help.

3 Answers

2

In my case not all content was served over https. Make sure all files use https not http.

https_mixed_content_error


2 Comments

How to do this?
If possible, edit your HTML files and change the way you include resources in the <head> section. For instance, change from: <script src="http://url/file.js"></script> to <script src="https://url/file.js"></script>
0

You need to open up CORS on your API host.


0

Translate for English:

Use the following line inside the location block of the vhost:

add_header 'Content-Security-Policy' 'upgrade-insecure-requests';

