
Mixed content with images

Open IwishIcanFLighT opened this issue 7 years ago • 2 comments

Hi !

I installed Taiga behind my Apache proxy. Everything is working great except I get mixed content warnings for images:

Mixed Content: The page at 'https://tg.website.com/project/myproject/' was loaded over HTTPS,
but requested an insecure image 'http://tg.website.com/media/user/1/4/5/6/719044330acb4fc76d85b27bc29cd4a4aa546e0d82e5d6db0ea35a6e75a8/t0255bcgs-u0255bcgw-8b381fb14cd9-512.png.80x80_q85_crop.jpg'.
This content should also be served over HTTPS.

The image is my profile picture on the taiga, but I was able to reproduce the same warning with an image attachment and the project image. Images still load, but this is not ideal as this is a production taiga so the HTTPS must be rock solid.

This is my docker SSL config (I used the docker-compose script to install it):

TAIGA_SSL: 'True' # I also tested it to false with only TAIGA_SSL_BY_REVERSE_PROXY: 'True'
TAIGA_SSL_BY_REVERSE_PROXY: 'True'

The SSL is then entirely handled by the Apache config with Let's Encrypt.

<IfModule mod_ssl.c>
<VirtualHost *:443>
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	
	ServerName tg.website.com
	
	RequestHeader set X-Forwarded-Proto "https"
	
	RewriteEngine On
	
	ProxyPreserveHost On
	ProxyRequests Off
	
	ProxyPass / http://127.0.0.1:1337/
	ProxyPassReverse / http://127.0.0.1:1337/
	
	SSLCertificateFile "/etc/letsencrypt/live/tg.website.com/fullchain.pem"
	SSLCertificateKeyFile "/etc/letsencrypt/live/tg.website.com/privkey.pem"
	Include "/etc/letsencrypt/options-ssl-apache.conf"
</VirtualHost>
</IfModule>

<VirtualHost *:80>
	ServerName tg.website.com
	
	RewriteEngine On
	
	RewriteCond %{HTTPS} !=on
	RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
	RewriteCond %{SERVER_NAME} =tg.website.com
	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
	
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

The readme states that if I set TAIGA_SSL_BY_REVERSE_PROXY to True, the value of TAIGA_SSL will then be ignored and taiga will not handle https; it will, however, set all links to https. It's true the links are indeed https, however it seems like some images are loaded with hardcoded http links. Am I missing something?

IwishIcanFLighT, Dec 15 '17 10:12

I experience the same problem with the django admin interface '/admin/' but did not find a solution yet.

anddann, Apr 06 '18 13:04

Actually, commit afbf780ab1286f1b6cf5be0d670ea1e70921bef1 and the hint in #52 fixed the issue on my end.

anddann, May 16 '18 07:05
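
One way to confirm that a page behind a TLS-terminating proxy no longer references insecure subresources, such as the `http://` media URLs in the report above, is to scan its rendered HTML. This is an added example, not code from the thread or from docker-taiga. It assumes the HTML has been saved from the browser's DOM, and the sample markup and its paths are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute whose URL the browser fetches as a subresource.
FETCH_ATTRS = {"img": "src", "audio": "src", "video": "src", "source": "src",
               "script": "src", "iframe": "src", "link": "href"}
PASSIVE_TAGS = {"img", "audio", "video", "source"}  # display-only content


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        value = attrs.get(FETCH_ATTRS.get(tag, ""))
        if not value:
            return
        rel = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rel & {"stylesheet", "icon"}:
            return  # rel=canonical etc. is a hyperlink, not a fetch
        url = urljoin(self.page_url, value)  # resolves relative and // URLs
        if urlsplit(url).scheme == "http":
            passive = tag in PASSIVE_TAGS or "icon" in rel
            self.findings.append(("passive" if passive else "active", tag, url))


def find_mixed_content(page_url, html):
    """Return insecure subresources referenced by an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for HTTPS pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: host from the report, paths invented for illustration.
PAGE_URL = "https://tg.website.com/project/myproject/"
SAMPLE_HTML = """
<link rel="canonical" href="http://tg.website.com/project/myproject/">
<img src="http://tg.website.com/media/user/avatar.png">
<img src="//tg.website.com/media/logo.png"><img src="/media/attachment.png">
<script src="http://tg.website.com/js/app.js"></script>
<a href="http://tg.website.com/help">help</a>
"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(PAGE_URL, SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```

Protocol-relative and root-relative URLs inherit the page's scheme, so only absolute `http://` references are reported. Ordinary hyperlinks and `rel=canonical` are ignored because the browser does not fetch them while rendering the page.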