Can't install due to mixed content on install page
Dave4234 opened this issue
I'm trying to install Friendica in Docker using the Docker compose file provided on Docker Hub. The install works fine and I can access it from the 8080 port over HTTP and all seems to work ok.
My problem is that my setup has an nginx reverse proxy providing HTTPS. Although I have Mediawiki and Nextcloud containers working fine on this setup, I can't get past the Install page. It reports all green but the Next button just causes the page to reload. I also get a warning about mixed content on the page as it seems many of the resources are loaded over HTTP.
I have nginx set up to rewrite URLs to HTTPS so I'm not even sure how this is possible. If I open one of the problem resources it rewrites to HTTPS just fine.
Any tips on where to start troubleshooting?
The nginx config is set up with the relevant part as follows:
Edit: I moved nginx to Docker but it hasn't helped, it's exactly the same.
hmm .. can you add the docker-compose file, so I can check it?
Did you set your external https-URL as baseURL during the installation?
I've attached the docker-compose file. But it's exactly the same as one of the examples listed on the Docker Hub page, except I added a password and email address (which I have changed for this file).
And yes, I set the base URL as https://friendica.mydomain.com during the installation.
hmm ... I successfully set up a test-instance with a little adaptation to your setup:
version: '2'
services:
  db:
    image: mariadb
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_USER=friendica
      - MYSQL_PASSWORD=password
      - MYSQL_DATABASE=friendica
      - MYSQL_RANDOM_ROOT_PASSWORD=yes
  app:
    image: friendica
    restart: always
    volumes:
      - friendica:/var/www/html
    environment:
      - MYSQL_HOST=db
      - MYSQL_USER=friendica
      - MYSQL_PASSWORD=password
      - MYSQL_DATABASE=friendica
      - FRIENDICA_ADMIN_MAIL=email@address.com
    depends_on:
      - db
    networks:
      - web
      - default
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.friendica-test.entrypoints=https"
      - "traefik.http.routers.friendica-test.rule=Host(`testfriendica.philipp.info`)"
      - "traefik.http.routers.friendica-test.middlewares=https-chain@file"
      - "traefik.http.routers.friendica-test.tls=true"
      - "traefik.http.routers.friendica-test.tls.certresolver=default"
volumes:
  db:
  friendica:
networks:
  web:
    external: true
So instead of an nginx proxy, I use traefik.
And after calling https://testfriendica.philipp.info, I was able to successfully set up an instance. Maybe there's a problem with the nginx config and maybe asset resolving (which would explain the mixed-content problem)?
Can you provide your nginx setup (even with docker) so I can locally test it with nginx again?
Thanks for the reply. In some way it's good to know that it works for you so is likely related to my nginx config. I've copied the config below. My full config includes server sections for other services running in other docker containers, but I have tested this config as below (with domain name changed) and I get exactly the same result as before, the install page loads with a mixed content warning.
http {
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

    # Redirect all traffic to HTTPS
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
        server_name friendica.domain.com;

        location / {
            proxy_pass http://friendica_app_1;
            proxy_set_header Host friendica.domain.com;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }
}
As an update to this, I've narrowed it down to an issue with connecting to Friendica from within my network. I can connect to it fine from outside the network, but when accessing it within my network it tries to load some resources over HTTP.
I have a pi-hole that I run on my network (but disabling blocking didn't help). I have a domain name that I use for accessing externally, and I added this same domain name to the pi-hole DNS so it resolves to the local IP of the Raspberry Pi when connected to my network. This setup works for Mediawiki, Nextcloud, etc. But with Friendica it gives me a mixed content warning.
To be honest I don't even understand why this is a problem. As far as the browser and web server are concerned, it should be exactly the same whether internal or external. So I'm very confused as to why this is a problem at all, and even more confused as to why it only affects Friendica...
So final update - I converted my whole setup to Traefik and it all works fine. I have no idea why it didn't work for me under nginx. An unsatisfying ending but at least it works.
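
One place to start the troubleshooting asked about in this thread, as an added example that is not part of the original issue or of the Friendica project: a Python scanner that lists which references on an HTTPS page resolve to http:// (directly or through a `<base>` tag) and classifies them as active, passive or a form target. The sample HTML and its paths are constructed; only the host name friendica.mydomain.com comes from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose insecure loads browsers block outright ("active" mixed content).
ACTIVE = {"script", "iframe", "link", "object", "embed"}
# URL-carrying attribute per tag. Form actions are included because a POST sent
# to http:// and answered with a 301 is normally re-requested as a GET.
URL_ATTRS = {"script": "src", "iframe": "src", "img": "src", "audio": "src", "video": "src",
             "source": "src", "embed": "src", "object": "data", "link": "href", "form": "action"}

# Constructed sample page (not captured from a real Friendica install).
SAMPLE = """<html><head>
<base href="http://friendica.mydomain.com/">
<link rel="stylesheet" href="view/style.css">
<script src="https://friendica.mydomain.com/view/main.js"></script>
</head><body>
<img src="/images/logo.png">
<form action="http://friendica.mydomain.com/install" method="post"></form>
</body></html>"""

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.base, self.findings = page_url, page_url, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            # A <base> element changes how every later relative URL resolves.
            self.base = urljoin(self.page_url, attrs["href"])
            return
        value = attrs.get(URL_ATTRS.get(tag, ""))
        if not value or (tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower()):
            return  # no URL, or a <link> that is not a stylesheet load
        url = urljoin(self.base, value)
        if urlsplit(url).scheme == "http":
            kind = "form" if tag == "form" else "active" if tag in ACTIVE else "passive"
            self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    """Return (kind, tag, url) for each http:// reference on an https:// page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on a page served over HTTPS
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    print(*find_mixed_content("https://friendica.mydomain.com/install", SAMPLE), sep="\n")
```

Running it against the install page HTML saved from inside and from outside the network shows whether the application itself emits http:// URLs in one case and not the other.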