oneuptime
Bug: Mixed content when used behind reverse proxy
Describe the bug
When trying to set up OneUptime behind HAProxy as a reverse proxy, the register form is trying to request with the http scheme, resulting in a mixed content error.
To Reproduce
Steps to reproduce the behavior:
- Deploy oneuptime
- Configure config.env to use https
- Install and configure haproxy to use https and connect to oneuptime:80 without ssl
- Tell haproxy to pass "X-Forwarded-Proto" header with "https" value
- Register form is returning error
Mixed Content: The page at 'https://uptime.example.com/accounts/register' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://uptime.example.com/identity/signup'. This request has been blocked; the content must be served over HTTPS.
Also when trying to route request to https port, ssl error
curl -Ik -H "Host: uptime.example.com" https://localhost
curl: (35) OpenSSL/3.0.11: error:0A000438:SSL routines::tlsv1 alert internal error
is raised with
ingress-1 | 2024-02-20T10:30:51.855424570Z 2024/02/20 10:30:51 [error] 22#22: *66 cannot load certificate "/etc/nginx/certs/StatusPageCerts/localhost.crt": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/certs/StatusPageCerts/localhost.crt, r) error:10000080:BIO routines::no such file) while SSL handshaking, client: 172.18.0.1, server: 0.0.0.0:443
this in Ingress container log
Expected behavior
Content is being loaded over https
Desktop (please complete the following information):
- OS: Debian 12 / Docker
Deployment Type
Docker
I have the same issue with nginx as reverse proxy in front instead of haproxy.
Can I ask you how you have your environment set up please? Do you have internal DNS that can resolve the name to the local host or do you rely on external DNS? i.e. when you browse to your internal OneUptime instance are you hitting the reverse proxy? Do you set the host name on the instance or edit the hosts file? What do you put in the config.env for the HOST= line? What do you put in the config.env for the HTTP_PROTOCOL= line?
@kbekus I'm relying on external DNS. My OneUptime instance is one of the VMs on my Proxmox server. The VMs are connected over a local network, and there is HAProxy on the Proxmox host which does SSL termination and routes requests. My HTTP_PROTOCOL is set to "https", my HOST is set to "uptime.example.com" (it's a real domain), and on HAProxy I have both routing and SSL for this domain.
Same problem here when using with Cloudflare tunnels.
Did you change the HTTP_PROTOCOL value in config.env to https? By default it's http.
Yes, here's my config.env:
HOST=oneuptime.mydomain.com
HTTP_PROTOCOL=https
And the error happens when I click the Sign Up button at /accounts/register.
I'm also running it behind a Cloudflare Tunnel. HTTP_PROTOCOL is set to https. No issues so far.
@sevensolutions Do you mind sharing your .env file?
@wendellli99 I only changed the following things:
# Please change this to domain of the server where oneuptime is hosted on.
HOST=oneuptime.mydomain.io
# If this server is hosted on SSL / TLS then change this to https
HTTP_PROTOCOL=https
STATUS_PAGE_CNAME_RECORD=oneuptime.mydomain.io
The whole setup is: Internet > Cloudflare Tunnel > APISIX > OneUptime
SSL is completely handled by Cloudflare. Behind the CF-Tunnel, everything is HTTP in my case.
Thank you for the env file @sevensolutions. Problem solved! The issue with my setup is that I used a different domain for STATUS_PAGE_CNAME_RECORD and I don't have the DNS record configured yet.
Looks like we have resolved this. If you still face this, please feel free to re-open this issue.
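A preflight check for the config.env settings discussed in this thread (HTTP_PROTOCOL left at its http default behind a TLS-terminating proxy, HOST, and a STATUS_PAGE_CNAME_RECORD with no DNS record), as an added example that is not part of the issue or of the OneUptime project. The function names, the sample values and the assumption that HOST is a bare hostname are constructed for illustration.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample: HTTP_PROTOCOL left at the default, status page name without DNS.
SAMPLE_ENV = """\
# If this server is hosted on SSL / TLS then change this to https
HOST=oneuptime.mydomain.io
HTTP_PROTOCOL=http
STATUS_PAGE_CNAME_RECORD=status.otherdomain.example
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks, # comments and malformed lines."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("\"'")
    return env

def dns_resolves(name):
    """Default resolver: True if the name has at least one address record."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def check_config(env_text, public_url, resolves=dns_resolves):
    """Return findings for a deployment that browsers reach at public_url."""
    env = parse_env(env_text)
    url = urlsplit(public_url)
    findings = []
    proto = env.get("HTTP_PROTOCOL", "http")  # per the thread, the default is http
    if url.scheme == "https" and proto != "https":
        findings.append("HTTP_PROTOCOL=%s but users arrive over https: "
                        "expect mixed-content blocks" % proto)
    # Assumption: HOST holds a bare hostname with no port.
    if env.get("HOST", "").lower() != (url.hostname or "").lower():
        findings.append("HOST does not match the public hostname")
    cname = env.get("STATUS_PAGE_CNAME_RECORD")
    if cname and not resolves(cname):
        findings.append("STATUS_PAGE_CNAME_RECORD %s has no DNS record" % cname)
    return findings
```

Pass a stub as `resolves` to run the check offline. A name that resolves only shows the record exists, not that it points at this instance.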