Greetings! I’m using Nginx as a reverse proxy, which leads to mixed content (some data HTTP and some HTTPS). Chrome complains about this.
Here is an example of an error in Chrome.
Mixed Content: The page at ‘https://edx.REMOVED.com/dashboard’ was loaded over HTTPS, but requested an insecure image ‘http://edx.REMOVED.com/static/images/logo.b6c374d66d57.png’. This content should also be served over HTTPS.
Question: So, how do I correctly configure Tutor to run on HTTPS on the backside or eliminate the mixed-content issue?
I used “tutor local quickstart” to configure the system using a pre-defined config.yml file.
ACTIVATE_HTTPS: true ANDROID_OAUTH2_SECRET: REMOVED CMS_HOST: studio.edx.REMOVED.com CONTACT_EMAIL: edx@REMOVED.com ID: REMOVED LANGUAGE_CODE: en LMS_HOST: edx.REMOVED.com MYSQL_ROOT_PASSWORD: REMOVED NGINX_HTTPS_PORT: 10443 NGINX_HTTP_PORT: 10080 OPENEDX_MYSQL_PASSWORD: REMOVED PLATFORM_NAME: REMOVED SECRET_KEY: REMOVED WEB_PROXY: true
Here are the container ports for tutorlocal_nginx_1: 0.0.0.0:10080->80/tcp, 0.0.0.0:10443->443/tcp
I enabled the Nginx site running on the VPS using “$(tutor config printroot)/env/local/proxy/nginx/openedx.conf” per your instructions.
The Problem: openedx.conf proxy_pass is set to HTTP on both port 80 and 443. Container tutorlocal_nginx_1 is serving HTTP data on both ports, 80 and 443.
root@1069a:~# curl --head http://localhost:10080 HTTP/1.1 301 Moved Permanently Server: nginx/1.13.12 Date: Sun, 07 Jul 2019 07:49:56 GMT Content-Type: text/html Content-Length: 186 Connection: keep-alive Location: https://studio.edx.REMOVED.com/ root@1069a:~# curl --head http://localhost:10443 HTTP/1.1 200 OK Server: nginx Date: Sun, 07 Jul 2019 07:50:16 GMT Content-Type: text/html; charset=utf-8 Content-Length: 11493 Connection: keep-alive Vary: Cookie, Accept-Language X-Frame-Options: DENY Content-Language: en Set-Cookie: csrftoken=YzkKbEK43evdNUDdW8dJXNSekQ6QkFHiiBLzKDk7lCgMXSRjF3v06RylcSl28tN7; expires=Sun, 05-Jul-2020 07:50:16 GMT; Max-Age=31449600; Path=/ root@1069a:~# curl --head -k https://localhost:10443 curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
I tried configuring the reverse proxy AFTER I successfully started Tutor with SSL on the backend without using a proxy. However, I ran into the redirect loop (https site redirect to the same https site) after stopping and starting Tutor with WEB_PROXY: true and enabling openedx.conf. My understanding of the problem is that the webservers (Nginx proxy server and tutorlocal_nginx_1) received the request over HTTPS correctly, but an internal server was still trying to serve HTTP content, which then allows one of the two outer servers to initiate the HTTP 301 request back to HTTPS.
How have others solved this problem of running HTTPS to a proxy and then having edX serve HTTPS URLS to avoid mixed content?