problem displaying images associated with points on the map

[MaxiReglisse]

Hello everyone,

With qgis popups, you can associate images with points on the map. These images are visible when clicked.

But the images are not showing because the URL is incorrect: "http://map:8080" should be replaced by "https://map..."

Example:

http://lizmap-dev.inframshe.univ-fcomte.fr:8080/index.php/view/media/getMedia?repository=tplizmap&project=projet_formation_lizmap&path=media%2Fphotos%2Fpanneaux%2FArnaud%2Fav_aristide_briand_face46_2.JPG

should be:

https://lizmap-dev.inframshe.univ-fcomte.fr/index.php/view/media/getMedia?repository=tplizmap&project=projet_formation_lizmap&path=media%2Fphotos%2Fpanneaux%2FArnaud%2Fav_aristide_briand_face46_2.JPG

I propose to illustrate this problem with some screenshots.

URL of my lizmap instance:

Displaying the map and attempting to display the image

Encountered problem:

Correct the url and the image is displayed!

Myconfig:

An Nginx reverse proxy installed on the host manages HTTPS access to the lizmap instance.

Taken from /etc/nginx/sites-enabled/lizmap-ssl.conf

location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;   # Ajoutez cette ligne
    proxy_pass http://localhost:8090;
    proxy_read_timeout 90;
}

Thank you in advance for your help.

Ernest.

[Gustry]

And in your popup configuration, your string is starting by media/photos/panneaux/... ?

[MaxiReglisse]

Yes, the link is like this one:

https://lizmap-dev.inframshe.univ-fcomte.fr/index.php/view/media/getMedia?repository=tpformationlizmap&project=tp_formation_lizmap&path=media/photos/panneaux/intersection_ronde_champtave.JPG

Here is a screenshot taken from qgis.

Note that this feature works in version 3.3 of Lizmap.

[MaxiReglisse]

Hello, I finally understood that the problem came from my reverse proxy, Nginx, with which I manage the SSL protocol to access the lizmap application in https.

To be sure, all I had to do was check that everything was working correctly when accessing lizmap directly on port 8090.

To solve the https://...:8080 url rewriting problem in https://.../, I used nginx's sub_filter module.

Here's the /etc/nginx/sites-enable/lizmap-ssl.conf file.

server {
listen 80;
return 301 https://$server_name$request_uri;
}

server {

    listen 443;
    server_name lizmap-dev.inframshe.univ-fcomte.fr;

    ssl_certificate           /etc/ssl/sectigo/lizmap-dev_inframshe_univ-fcomte_fr.pem;
    ssl_certificate_key       /etc/ssl/sectigo/lizmap-dev.inframshe.univ-fcomte.fr.key;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/lizmap-dev.inframshe.access.log;

    location / {

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme; 

        # https://serverfault.com/questions/659029/how-to-solve-nginx-reverse-proxy-mixed-contenthttp-https
        add_header 'Content-Security-Policy' 'upgrade-insecure-requests';

        proxy_pass http://localhost:8090;
        proxy_read_timeout 90;

        # proxy_redirect should work but it does not
        # proxy_redirect http://localhost:8080/ /;
        # proxy_redirect https://localhost:8080/ /;

        # Use sub_filter to replace :8080 with an empty string
        sub_filter_types *;    # Tells Nginx to filter all content types (text, html, etc.)
        sub_filter_once off;   # Enables Nginx to filter multiple times if necessary (for multiple hits)

        # Here, we tell Nginx to replace all occurrences of "8080" with an empty string.
        sub_filter '8080' '';

    }
}