mixed content issues #11

Open
puschmie opened this issue Feb 1, 2021 · 5 comments

puschmie commented Feb 1, 2021

I stumbled across some issues with the Docker container.
Firefox as well as Chrome prohibit the use of mixed content from http and https sources.
The bludit image apparently uses http for internal resources.
My quick and dirty fix was to add

    add_header Content-Security-Policy "upgrade-insecure-requests;";

to default.conf in the running Docker container.
If I'm not mistaken this will only solve the issue for modern browsers though; long term it would probably be better to upgrade the internal resource loading to https.
I tried to open a pull request to implement this fix, but couldn't.
Would be very cool if this would be implemented. Just following the setup instructions doesn't lead to success in a production environment.

Member

dignajar commented Feb 1, 2021

Hi,
the Docker image uses its own nginx and doesn't have TLS support, so internally it is via HTTP.
If you want to add TLS you need to create your own Dockerfile, add the certificates and configure Nginx to use them.

Author

puschmie commented Feb 1, 2021

I'm running the image behind an nginx reverse proxy because I have multiple services on the same server.
I'm also not a pro at nginx configuration so I'm not quite sure how to go about this.

Member

dignajar commented Feb 1, 2021

Have you tried to configure the domain with https:// in the Bludit settings?

Author

puschmie commented Feb 1, 2021

No. Because of the mixed content issues I can't access the admin panel :/ I guess it has something to do with the whole setup and how the nginx reverse proxy takes care of SSL certificates.

@jasminhacker

I ran into the same problem when using nginx-proxy. I solved it by initializing Bludit via HTTP. Disabling HTTPS redirection can be done with these environment variables:

    environment:
      - HTTPS_METHOD=noredirect
      - HSTS=off

If you visited the page before, you need to clear the HSTS cache in order to access the unsecured page. Other nginx proxy solutions should have similar options.
Now Bludit is accessible and the URL can be changed in the settings to https://... as @dignajar suggested. Afterwards you can enable HTTPS redirection and HSTS again. You probably also want to change the admin password over the secured connection.
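
Added example, not part of the thread or of the Bludit project: a Python check for the condition discussed above. Given a page URL, its response headers and its HTML, it lists subresources that still resolve to http:// and reports whether the `upgrade-insecure-requests` directive from the first comment is present. Host names, paths and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Loads browsers block on an HTTPS page vs. loads they may upgrade or warn about.
BLOCKABLE = {"script": "src", "iframe": "src", "link": "href"}
UPGRADEABLE = {"img": "src", "audio": "src", "video": "src"}

class _Collector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []  # findings: (kind, tag, url)
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # canonical/alternate links are not fetched as subresources
        for kind, table in (("blockable", BLOCKABLE), ("upgradeable", UPGRADEABLE)):
            url = urljoin(self.page_url, attrs.get(table.get(tag)) or "")
            if urlsplit(url).scheme == "http":
                self.findings.append((kind, tag, url))

def csp_upgrades(headers):
    """True if a Content-Security-Policy header carries upgrade-insecure-requests."""
    for name, value in headers:
        if name.lower() == "content-security-policy":
            for policy in value.split(","):
                names = [d.split()[0] for d in policy.lower().split(";") if d.strip()]
                if "upgrade-insecure-requests" in names:
                    return True
    return False

def audit(page_url, headers, html):
    """Return (findings, upgraded) for one response served at page_url."""
    collector = _Collector(page_url)
    if urlsplit(page_url).scheme == "https":  # mixed content needs an HTTPS page
        collector.feed(html)
    return collector.findings, csp_upgrades(headers)

# Constructed sample: markup from an app whose configured site URL is still http://
SAMPLE_HTML = """
<link rel="canonical" href="http://blog.example.test/">
<link rel="stylesheet" href="http://blog.example.test/theme/style.css">
<script src="http://blog.example.test/js/app.js"></script>
<script src="/js/local.js"></script>
<img src="http://blog.example.test/uploads/logo.png">
"""

if __name__ == "__main__":
    for kind, tag, url in audit("https://blog.example.test/admin", [], SAMPLE_HTML)[0]:
        print(f"{kind:12} <{tag}> {url}")
```

An empty findings list after switching the site URL to https:// confirms the application itself no longer emits insecure references, independent of the header workaround.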
