Greetings! I’m using Nginx as a reverse proxy, which leads to mixed content (some data HTTP and some HTTPS). Chrome complains about this.
Here is an example of an error in Chrome.
Mixed Content: The page at ‘https://edx.REMOVED.com/dashboard’ was loaded over HTTPS, but requested an insecure image ‘http://edx.REMOVED.com/static/images/logo.b6c374d66d57.png’. This content should also be served over HTTPS.
Question: So, how do I correctly configure Tutor to run on HTTPS on the backside or eliminate the mixed-content issue?
I used “tutor local quickstart” to configure the system using a pre-defined config.yml file.
ACTIVATE_HTTPS: true
ANDROID_OAUTH2_SECRET: REMOVED
CMS_HOST: studio.edx.REMOVED.com
CONTACT_EMAIL: edx@REMOVED.com
ID: REMOVED
LANGUAGE_CODE: en
LMS_HOST: edx.REMOVED.com
MYSQL_ROOT_PASSWORD: REMOVED
NGINX_HTTPS_PORT: 10443
NGINX_HTTP_PORT: 10080
OPENEDX_MYSQL_PASSWORD: REMOVED
PLATFORM_NAME: REMOVED
SECRET_KEY: REMOVED
WEB_PROXY: true
Here are the container ports for tutorlocal_nginx_1: 0.0.0.0:10080->80/tcp, 0.0.0.0:10443->443/tcp
I enabled the Nginx site running on the VPS using “$(tutor config printroot)/env/local/proxy/nginx/openedx.conf” per your instructions.
The Problem: openedx.conf proxy_pass is set to HTTP on both port 80 and 443. Container tutorlocal_nginx_1 is serving HTTP data on both ports, 80 and 443.
root@1069a:~# curl --head http://localhost:10080
HTTP/1.1 301 Moved Permanently
Server: nginx/1.13.12
Date: Sun, 07 Jul 2019 07:49:56 GMT
Content-Type: text/html
Content-Length: 186
Connection: keep-alive
Location: https://studio.edx.REMOVED.com/
root@1069a:~# curl --head http://localhost:10443
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 07 Jul 2019 07:50:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 11493
Connection: keep-alive
Vary: Cookie, Accept-Language
X-Frame-Options: DENY
Content-Language: en
Set-Cookie: csrftoken=YzkKbEK43evdNUDdW8dJXNSekQ6QkFHiiBLzKDk7lCgMXSRjF3v06RylcSl28tN7; expires=Sun, 05-Jul-2020 07:50:16 GMT; Max-Age=31449600; Path=/
root@1069a:~# curl --head -k https://localhost:10443
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
I tried configuring the reverse proxy AFTER I successfully started Tutor with SSL on the backend without using a proxy. However, I ran into the redirect loop (https site redirect to the same https site) after stopping and starting Tutor with WEB_PROXY: true and enabling openedx.conf. My understanding of the problem is that the webservers (Nginx proxy server and tutorlocal_nginx_1) received the request over HTTPS correctly, but an internal server was still trying to serve HTTP content, which then allows one of the two outer servers to initiate the HTTP 301 request back to HTTPS.
How have others solved this problem of running HTTPS to a proxy and then having edX serve HTTPS URLS to avoid mixed content?
Many thanks.