Mixed Content Error - Admin panel does not load

[floqui-nl]

Installed the plugin and configured the CDN following the instructions. Image loading works perfectly, but my shopware admin panel stops working after enabling the plugin and clearing the cache. The frontend works flawless (images are being loaded from the CDN).

When I checked the console in Chrome, I received a lot of errors that I did not receive when the plugin was disabled. These errors say that images and scripts from the backend cannot be loaded due to mixed error content. I believe the plugin changes the script urls from the backend to http instead of https and therefore the backend won't load.

Perhaps I do something wrong? I use Cloudflare and BunnyCDN and I've tried disabling Cloudflare. The only difference is the mixed content error. My server runs NGINX with PHP 7.4 and MariaDB 8.

[tinect]

Sadly the plugin does modify the script urls regarding your config . Looks like you configured your shop not to use ssl. Info: edited, because I thought it was shopware 5 related. Shopware 6 it is called admin :-)

[tinect]

Please remove /var/bunnycdn_config.yml in your shop and check the config.

[floqui-nl]

As far as I am aware I fully use SSL and I do not receive any mixed content errors when the plugin is disabled.

I've searched for bunnycdn_config.yml in the /var/ directory but there is no file with that name. There are 2 folders (cache and log) and 2 files (plugins.json and theme-variables.scss).

[floqui-nl]

Perhaps useful to add: Once I deactivate the plugin through the bin/console command, the admin panel works perfectly. Until I activate the plugin again.

[floqui-nl]

I've added a line in the NGINX configuration to upgrade insecure request with a Content Security Policy and now the admin panel works again!

I still suspect the plugin changes some script and images sources to HTTP, but at least it works by adding this: add_header Content-Security-Policy upgrade-insecure-requests;

Nevertheless thanks a lot for your help and very quick response!

[tinect]

As far as I am aware I fully use SSL and I do not receive any mixed content errors when the plugin is disabled.

I've searched for bunnycdn_config.yml in the /var/ directory but there is no file with that name. There are 2 folders (cache and log) and 2 files (plugins.json and theme-variables.scss).

Strange, because this file is created when saving the config and without that file, the plugin has no effect. You're using the recent version of the plugin?

[floqui-nl]

I installed it today from the Shopware store so yes I'm using the most recent version! Shopware is up-to-date as well.

I checked through SSH, but also through SFTP and I cannot find anything besides the files on the screenshot attached. Nevertheless, the plugin now seems to work flawless (with the upgrade-insecure-connections policy)

[LloenWork]

For those coming here in 2024. You can 'force' symphony to use HTTPS by adding this on your nginx config

location ~ ^/index\.php$ {
    fastcgi_pass 127.0.0.1:9000;
    include fastcgi.conf;
    # Lie to Symfony about the protocol and port so that it generates the correct HTTPS URLs
    fastcgi_param SERVER_PORT "443";
    fastcgi_param HTTPS "on";
}

https://symfony.com/doc/current/deployment/proxies.html#overriding-configuration-behind-hidden-ssl-termination