New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unaccessible administration panel due to mixed content with NGINX reverse proxy #2023
Comments
For the moment I workaround this issue by overriding the following files:
In the env file, I added the
In the index.html.twig I updated the URLs fetched with the "assets()" function to force the use of https. This modification allows me to access the admin panel.
I also hardcoded some URLs:
In my private function getBaseUrl(): string
{
if (!$this->baseUrl) {
$this->baseUrl = $this->createFallbackUrl();
}
// return $this->baseUrl;
return str_replace('http', 'https', $this->baseUrl);
} In private function getSchemeAndHttpHost(Request $request): string
{
return 'https://' . $this->punycode->decode($request->getHttpHost());
} My docker-compose looks like this in the end:
I am far from being a PHP developer, but from what I read, the app should probably use the header public static function getRealIpAddr()
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
return $ip;
} |
Thanks for the help. In the end the problem was in my environment file, I should have set So now my env file looks like this:
And my docker-compose llke this:
Everything works fine now. |
PHP Version
7.4
Shopware Version
v6.4.3.0 Stable Version
Expected behaviour
Within a 'https' Shopware instance, the administration panel loads properly without the need for the user to disable some security feature in his browser.
Within a 'https' Shopware instance, the images in the storefront load properly without the need for the user to disable some security feature in his browser.
Actual behaviour
When trying to access the admin panel at "https://my-sw-proto.com/admin", some of the assets are being fetched in HTTP which causes a "Mixed Block" error and the page doesn't load.
Some examples of contents being fetched in HTTP:
This problem extends to the shopware customer interface. I am using shopware-pwa and my images don't load because they are being fetched in HTTP.
How to reproduce
I am trying to host Shopware (as a prototype) in a Docker container behind a NGINX reverse proxy.
I decided to use Dockware#play to do this:
I configured my NGINX with
X-Forwarded-Proto
like so:And I have a valid SSL certificate with Let's Encrypt and serve my site through https.
The text was updated successfully, but these errors were encountered: