Accessing 2FAuth on an insecure HTTPS connection? #451

Open
Lewis8265 opened this issue Mar 3, 2025 · 4 comments

Lewis8265 commented Mar 3, 2025

I would like to access my internal instance via https, even though it's a self-signed certificate and my browser will give me warnings; however, I cannot get it to work.

I have tried changing the env file to have the URL be https, as well as trying with 80 and 443 on the end of the URL. I've also used an asterisk in the proxies section to allow everything. No change.

I have already searched Google, the Wiki, and both open and closed issues here to see if anyone else has had this and it appears not. I would like to access it over https so I can use the QR scanning, and it's still more secure than http.

The inspect feature shows the connection is refused if I go to https://192.168.X.X

Thanks for any help!

Edit: I ensure the cache file is deleted and I reboot the instance after each edit :)

Owner

Bubka commented Mar 3, 2025

Hi,
Here is how I configured nginx and 2FAuth for my local secured tests, where nginx serves as a proxy with a self-signed certificate and forwards the traffic to the 2FAuth docker image.

```nginx
# nginx.conf

server {
    server_name secure.twofauth.dev;

    listen 443 ssl;
    listen [::]:443 ssl;

    ssl_certificate /path/to/my/certificats/cert.crt;
    ssl_certificate_key /path/to/my/certificats/cert.key;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_read_timeout 60;
        proxy_connect_timeout 60;

        proxy_pass http://localhost:8000/;
    }
}
```

```yaml
# docker-compose.yml

version: "3"
services:
  2fauth:
    image: 2fauth/2fauth
    container_name: 2fauth
    volumes:
      - ./2fauth:/2fauth
    ports:
      - 8000:8000/tcp
    environment:
      - APP_URL=https://secure.twofauth.dev
      - TRUSTED_PROXIES=null
      # your other env vars...
```

I access the app by visiting https://secure.twofauth.dev/.
Pay attention to the ports: I always use 8000 for simplicity; you may want to use a different one.

Are you running 2FAuth from a docker container or directly from your web server?

@Lewis8265
Author

Thanks for the reply. I'm not using any proxy service. I used to use Caddy when I had a static IP but instead I now use ZeroTier to access my network externally. For all of the other scripts I have, I can just access it via https://, accept the warning, and continue, but that doesn't work here. My instance is installed via Proxmox Helper Scripts, so effectively directly from the web server :)

Owner

Bubka commented Mar 3, 2025

> The inspect feature shows the connection is refused if I go to https://192.168.x.x/

What is the exact error? http/https mixed content?
Does the URL in your browser's address bar (I guess a ZeroTier-specific URL) match the value of APP_URL?

@Lewis8265
Author

Firefox says "Unable to connect", and the dev tools say "NS_Error_Connection_Refused"

ZeroTier allows me to use anything as if I was actually in my network, such as the IP address, without a specific ZeroTier URL, so the URL field, with https://, is for the static internal IP :)
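
The two outcomes discussed in this thread, a refused connection and a browser warning for a self-signed certificate, can be told apart from the client side. The Python sketch below is an added example, not part of the original thread or of 2FAuth; the function name `probe_https` and its return labels are made up for illustration.

```python
import socket
import ssl
import sys


def probe_https(host, port=443, timeout=3.0):
    """Return "refused", "timeout", "not-tls", "tls-untrusted" or "tls-trusted"."""

    def handshake(ctx):
        # One TCP connection plus one TLS handshake using the given context.
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                pass

    # Step 1: is there a TLS listener at all? Verification is disabled for this
    # step only, so a self-signed certificate cannot mask the answer.
    lenient = ssl.create_default_context()
    lenient.check_hostname = False
    lenient.verify_mode = ssl.CERT_NONE
    try:
        handshake(lenient)
    except ConnectionRefusedError:
        return "refused"   # no listener on the port (Firefox: connection refused)
    except socket.timeout:
        return "timeout"   # no answer in time: filtered port or silent listener
    except (ssl.SSLError, ConnectionError):
        return "not-tls"   # something answers, but not with TLS (plain HTTP?)

    # Step 2: same handshake with normal verification, as a browser would do.
    try:
        handshake(ssl.create_default_context())
    except ssl.SSLCertVerificationError:
        return "tls-untrusted"   # e.g. self-signed: warning the user can accept
    return "tls-trusted"


if __name__ == "__main__":
    # Usage: python probe.py HOST [PORT]; HOST is whatever APP_URL points at.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(probe_https(target, int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

A result of "refused" means no service is bound to that port on the host, which is a different condition from an untrusted certificate.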
