friendica / docker

Docker image for Friendica

Home Page:https://friendi.ca


Can't install due to mixed content on install page

Dave4234 opened this issue · comments

I'm trying to install Friendica in Docker using the Docker compose file provided on Docker Hub. The install works fine and I can access it from the 8080 port over HTTP and all seems to work ok.

My problem is that my setup has an nginx reverse proxy providing HTTPS. Although I have Mediawiki and Nextcloud containers working fine on this setup, I can't get past the Install page. It reports all green but the Next button just causes the page to reload. I also get a warning about mixed content on the page as it seems many of the resources are loaded over HTTP.

I have nginx set up to rewrite URLs to HTTPS so I'm not even sure how this is possible. If I open one of the problem resources it rewrites to HTTPS just fine.

Any tips on where to start troubleshooting?

The nginx config is set up with the relevant part as follows:

Edit: I moved nginx to Docker but it hasn't helped, it's exactly the same.

hmm .. can you add the docker-compose file, so I can check it?
Did you set your external https-URL as baseURL during the installation?

I've attached the docker-compose file. But it's exactly the same as one of the examples listed on the Docker Hub page, except I added a password and email address (which I have changed for this file).

docker-compose.txt

And yes, I set the base URL as https://friendica.mydomain.com during the installation.

hmm ... I successfully set up a test-instance with a little adaption to your setup:

version: '2'

services:
  db:
    image: mariadb
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_USER=friendica
      - MYSQL_PASSWORD=password
      - MYSQL_DATABASE=friendica
      - MYSQL_RANDOM_ROOT_PASSWORD=yes

  app:
    image: friendica
    restart: always
    volumes:
      - friendica:/var/www/html
    environment:
      - MYSQL_HOST=db
      - MYSQL_USER=friendica
      - MYSQL_PASSWORD=password
      - MYSQL_DATABASE=friendica
      - FRIENDICA_ADMIN_MAIL=email@address.com
    depends_on:
      - db
    networks:
      - web
      - default
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.friendica-test.entrypoints=https"
      - "traefik.http.routers.friendica-test.rule=Host(`testfriendica.philipp.info`)"
      - "traefik.http.routers.friendica-test.middlewares=https-chain@file"
      - "traefik.http.routers.friendica-test.tls=true"
      - "traefik.http.routers.friendica-test.tls.certresolver=default"

volumes:
  db:
  friendica:

networks:
  web:
    external: true

So instead of an nginx proxy, I use traefik.

And after calling https://testfriendica.philipp.info, I was able to successfully set up an instance .. Maybe there's a problem with the nginx config and maybe asset resolving (which would explain the mixed-content problem)?

Can you provide your nginx setup (even with docker) so I can locally test it with nginx again ..

Thanks for the reply. In some way it's good to know that it works for you, so it is likely related to my nginx config. I've copied the config below. My full config includes server sections for other services running in other docker containers, but I have tested this config as below (with domain name changed) and I get exactly the same result as before: the install page loads with a mixed content warning.

http {
  ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

  # Redirect all traffic to HTTPS
  server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  _;
    return 301   https://$host$request_uri;
  }

  server {
    listen 443 ssl;

    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    server_name friendica.domain.com;

    location / {
      proxy_pass       http://friendica_app_1;
      proxy_set_header Host     friendica.domain.com;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Real-IP $remote_addr;
    }
  }
}

As an update to this, I've narrowed it down to an issue with connecting to Friendica from within my network. I can connect to it fine from outside the network, but when accessing it within my network it tries to load some resources over HTTP.

I have a pi-hole that I run on my network (but disabling blocking didn't help). I have a domain name that I use for accessing externally, and I added this same domain name to the pi-hole DNS so it resolves to the local IP of the Raspberry Pi when connected to my network. This setup works for Mediawiki, Nextcloud, etc. But with Friendica it gives me a mixed content warning.

To be honest I don't even understand why this is a problem. As far as the browser and web server are concerned, it should be exactly the same whether internal or external. So I'm very confused as to why this is a problem at all, and even more confused as to why it only affects Friendica...

So final update - I converted my whole setup to Traefik and it all works fine. I have no idea why it didn't work for me under nginx. An unsatisfying ending but at least it works.
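
A starting point for the troubleshooting asked about in this thread, as an added example that is not part of the original issue or of Friendica's code: a small scanner that lists which subresources and form targets in a saved copy of the install page resolve to plain HTTP. The sample HTML and its paths are constructed; only the host name is taken from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch or submit to a URL.
# <a href> is navigation, not mixed content, so it is not listed.
FETCHING_ATTRS = {"script": "src", "img": "src", "iframe": "src",
                  "link": "href", "form": "action"}

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url      # replaced if the page declares <base href>
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            # An http:// <base> turns every relative URL after it into HTTP.
            self.base = urljoin(self.base, attrs["href"])
            return
        attr = FETCHING_ATTRS.get(tag)
        if attr is None or not attrs.get(attr):
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return                # e.g. rel=canonical is never fetched
        url = urljoin(self.base, attrs[attr])
        if urlsplit(url).scheme == "http":
            self.findings.append((tag, url))

def find_mixed_content(page_url, html):
    """Return (tag, absolute_url) pairs that are HTTP on an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page, not captured from a real Friendica install.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://friendica.mydomain.com/assets/style.css">
<link rel="canonical" href="http://friendica.mydomain.com/">
<script src="/assets/main.js"></script></head><body>
<img src="https://friendica.mydomain.com/assets/logo.png">
<form action="http://friendica.mydomain.com/install" method="post"></form>
<a href="http://example.org/">ordinary link</a></body></html>"""

if __name__ == "__main__":
    for tag, url in find_mixed_content("https://friendica.mydomain.com/install", SAMPLE_HTML):
        print(f"{tag:7} {url}")
```

Running it on the page source saved once from inside the network and once from outside shows whether the application itself emitted `http://` URLs in one case and not the other. Form targets are included because browsers commonly replay a POST that receives a 301 redirect as a GET, which drops the submitted data.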