0

"Mixed content" alert while access FileRun behind (Nginx) reverse proxy

csly004 3 months ago • updated by st1 1 month ago 3

Hello:
I install Filerun in the container and configure it to listen port 10080, then I set a NGINX reverse proxy.

Everything goes well while I was using HTTP, but something went wrong when I switch to HTTPS. I receive a alert from Chrome and Firefox like this:

This is my NGINX configure

```

server {
listen 80;
listen 443 ssl http2;
ssl_certificate /usr/local/nginx/conf/ssl/mydomain.com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/mydomain.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name mydomain.com;
access_log /data/wwwlogs/file.fromling.xyz_nginx.log combined;
index index.html index.htm index.php;
root /data/wwwroot/mydomain.com;
# if ($ssl_protocol = "") { return 301 https://$host$request_uri; }

include /usr/local/nginx/conf/rewrite/none.conf;
#error_page 404 /404.html;
#error_page 502 /502.html;

location / {
proxy_pass http://127.0.0.1:10080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 1200s;

# used for view/edit office file via Office Online Server
client_max_body_size 0;

access_log /data/wwwlogs/mydomain.com.access.log;
error_log /data/wwwlogs/mydomain.com.error.log;
}
}

```

Coud you help me?

Answer

Answer

FileRun tries to detect if the original HTTP request (the one made by the browser, not the reverse proxy) was done via HTTPS, to adjust URLs accordingly. It does that by looking for any of the following HTTP headers: "HTTP_X_FORWARDED_PROTO", "HTTP_X_FORWARDED_PORT", "HTTP_X_FORWARDED_SSL".

If your reverse proxy does not forward these headers, then FileRun has no way to tell if the URLs to use are to be HTTP or HTTPS.

If you do not wish to make the change on the reserve proxy (though this is the best thing to do if you plan to access more web resources via HTTPS), you can force feed the URL to FileRun:

Create a file "customizables/config.php" like this:

<?php
$config['url']['root'] = 'https://www.your-website.com/filerun-folder/';

Where "https://www.your-website.com/filerun-folder/" is the URL your FileRun users are typing in their browsers.

I had this issue and I somehow managed to fix it. And then I had to delete my install of FileRun.

Now I reinstalled FileRun and am stuck at this issue as well.

I am running apache reverse proxy. Website is served using reverse proxy ssl. Original install of the filerun does not have its own ssl cert or any kind of ssl setup.

I vaguely remember that issue was fixed after I did two thing:

(1) Follow this guide to update .htaccess : https://feedback.filerun.com/communities/1/topics/349-how-do-i-enable-https-in-filerun

(2) create config.php file in the Customizables to point to https url of the website <--- I don't know how to do this and cannot find the guide. 

@csly004 - is this issue resolved for you?

@FileRun Support - any idea?

Answer

FileRun tries to detect if the original HTTP request (the one made by the browser, not the reverse proxy) was done via HTTPS, to adjust URLs accordingly. It does that by looking for any of the following HTTP headers: "HTTP_X_FORWARDED_PROTO", "HTTP_X_FORWARDED_PORT", "HTTP_X_FORWARDED_SSL".

If your reverse proxy does not forward these headers, then FileRun has no way to tell if the URLs to use are to be HTTP or HTTPS.

If you do not wish to make the change on the reserve proxy (though this is the best thing to do if you plan to access more web resources via HTTPS), you can force feed the URL to FileRun:

Create a file "customizables/config.php" like this:

<?php
$config['url']['root'] = 'https://www.your-website.com/filerun-folder/';

Where "https://www.your-website.com/filerun-folder/" is the URL your FileRun users are typing in their browsers.

I updated .htaccess and reverse proxy config file to include x-forwarded-proto. But FileRun still does not save HTTPS settings. Note that I can still access https site and http is redirecting to https without any issues.

I updated "customizables" section as mentioned above, and it helped.

I am not going to spend more time on this as I believe I am ok as long as http is redirected to https.

Thanks.