Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Client cant connect to HTTPS #108

Closed
thehatami opened this issue Jun 24, 2019 · 5 comments

Comments

@thehatami
Copy link

commented Jun 24, 2019

i can connect to mercure with url as http://www.testme.com:9753 from browser.

but clients get error from script
Mixed Content: The page at 'http://www.testme.com/en/box' was loaded over HTTPS, but requested an insecure EventSource endpoint 'http://www.testme.com:9753/hub?topic=ping%3Fuser%3D4'. This request has been blocked; the content must be served over HTTPS.

my nginx configuration

server {
    listen [::]:443 ssl; #managed by Certbot
    listen 443 ssl http2; #managed by Certbot

    listen 80;

    index index.php;
    client_max_body_size 100m;

    server_name testme.com www.testme.com;
    root /var/www/html/public;

    location / {
        try_files $uri /index.php$is_args$args;
    }

    location ~ ^/index\.php(/|$) {
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;

        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        internal;
    }

    location ~ \.php$ {
        return 404;
    }

    location ~ /\.(?:ht|git|svn) {
        deny all;
    }

    location ~* ^.+\.(css|js|min.css) {
       access_log off;
       log_not_found off;
    }

    ssl_certificate /etc/letsencrypt/live/testme.com/fullchain.pem; #managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/testme.com/privkey.pem; #managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; #managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; #managed by Certbot

    access_log /var/log/nginx/rocket_access.log;
    error_log /var/log/nginx/rocket_error.log;
}

server {
    listen 80;
    listen [::]:80;

    return 301 https://testme.com$request_uri;

    server_name testme.com www.testme.com;
    return 404; #managed by Certbot
}

server {
    listen 9753 ssl http2;
    listen [::]:9753 ssl http2;

    ssl_certificate /etc/letsencrypt/live/testme.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/testme.com/privkey.pem;

    location / {
        proxy_pass http://localhost:8080/hub;
        proxy_read_timeout 24h;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}

whats my wrong?

@dunglas

This comment has been minimized.

Copy link
Owner

commented Jun 24, 2019

The error message is explicit: if the main page is served using HTTPS, the hub must be exposed using HTTPS or the browser will block the connection.

@thehatami

This comment has been minimized.

Copy link
Author

commented Jun 25, 2019

ok. but how? i try to use HTTPS protocol as described.
sudo JWT_KEY='aVerySecretKey' ACME_CERT_DIR='/etc/letsencrypt/live/tesetme.com' ACME_HOSTS='tesetme.com' ADDR=':8080' ./mercure

but i get these msg in my browser
bad host

@dunglas

This comment has been minimized.

Copy link
Owner

commented Jun 25, 2019

Can you show the code you use in the browser?

@dunglas

This comment has been minimized.

Copy link
Owner

commented Jul 27, 2019

Also, if you use Let’s Encrypt, you must use the default port (not 8080). Can you try to remove the ADDR env var?
We must update the readme to make that clearer.

@tpharaoh

This comment has been minimized.

Copy link

commented Aug 8, 2019

Also, if you use Let’s Encrypt, you must use the default port (not 8080). Can you try to remove the ADDR env var?
We must update the readme to make that clearer.

I had a similar question, that @dunglas solves it for me with this answer

@dunglas dunglas closed this in a782bf8 Aug 9, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.