PrestaShop / docker

🐳
https://hub.docker.com/r/prestashop/prestashop/
MIT License
263 stars 181 forks source link

Cannot enable SSL #84

Closed marceloschmidt closed 5 years ago

marceloschmidt commented 7 years ago

I'm running PrestaShop v 1.7.1.2 via Docker.

When I try to enable SSL, by clicking the "Please, click here to check if your store supports SSL", the browser correctly redirects to https and loads the admin, but it never passes the check. If I check my console for log messages I find this:

Mixed Content: The page at 'https://www.mydomain.com.br/admin..../index.php?controller=AdminPreferences&token=eeee....' was loaded over HTTPS, but requested an insecure image 'http://profile.prestashop.com/username%40domain.tld.jpg'. This content should also be served over HTTPS.

Could this be the reason?

If you need further information, read on :)

I run PrestaShop with docker-compose. Here's the relevant part:

version: '2'
services:
  nginx:
    volumes:
      - /data/nginx:/etc/nginx/conf.d
      - /data/sites/:/sites
      - /data/nginx/dhparam.pem:/etc/nginx/ssl/dhparam.pem
      - /etc/letsencrypt/:/etc/letsencrypt/
    ports:
      - 80:80
      - 443:443
    restart: unless-stopped
    image: nginx

  mariadb:
    image: mariadb:10.1
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=xxx
      - MYSQL_DATABASE=xxx
      - MYSQL_USER=xxx
      - MYSQL_PASSWORD=xxx
    volumes:
      - /data/mysql/db:/var/lib/mysql

  prestashop:
    image: prestashop/prestashop
    ports:
      - 8081:80
    depends_on:
      - mariadb

As you can imagine, I use nginx as a reverse-proxy to my docker containers. Here's the nginx part for the prestashop container:

server {
    listen 80;
    server_name mydomain.com www.mydomain.com;

    location /.well-known {
        root /sites/letsencrypt;
    }

        location / {
        client_max_body_size 32m;
                proxy_buffering off;
                proxy_http_version 1.1;
                proxy_read_timeout 600;
                proxy_send_timeout 600;
                proxy_set_header   Host             $host;
                proxy_set_header   Referer          $http_referer;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
                proxy_set_header   Upgrade          $http_upgrade;
                proxy_set_header   Connection       "upgrade";
                proxy_set_header   X-Forward-Proto  http;
                proxy_set_header   X-Nginx-Proxy    true;
                proxy_redirect     off;
                proxy_pass         http://prestashop;
                if ($uri != '/') {
                        expires 30d;
                }
        }
}

server {
    listen 443;
    server_name mydomain.com www.mydomain.com;

    location /.well-known {
        root /sites/letsencrypt;
    }

    location / {
        client_max_body_size 32m;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        proxy_set_header   Host             $host;
        proxy_set_header   Referer          $http_referer;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header   Upgrade          $http_upgrade;
        proxy_set_header   Connection       "upgrade";
        proxy_set_header   X-Forward-Proto  http;
        proxy_set_header   X-Nginx-Proxy    true;
        proxy_redirect     off;
        proxy_pass         http://prestashop;
        if ($uri != '/') {
            expires 30d;
        }
    }
    ssl on;

    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;

    ssl_ciphers          'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_dhparam          /etc/nginx/ssl/dhparam.pem;
}

Hopefully that's enough information to get started ;)

khena commented 7 years ago

Your config is ok, I think it's (another) Prestashop Issue : https://www.prestashop.com/forums/topic/491070-ssl-broken-on-default-instalation-and-theme/

Quetzacoalt91 commented 7 years ago

I agree with @khena, this is likely related to PrestaShop. I worked on that issue a few months ago (https://github.com/PrestaShop/PrestaShop/pull/7686).

Because I reached my shop via http://localhost, I did not have to use the SSL protocol and did not check the backoffice. But this issue should not occur on your front-office.

ziaxdk commented 6 years ago

Why use nginx? You can easily derive from the image and add the ssl config

FROM prestashop/prestashop:1.7.2.4
LABEL maintainer="ZiaxDK <ziaxdk@gmail.com>"

RUN a2enmod ssl
RUN chmod 777 -R /var/www/html

and apache config

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
        SSLCertificateFile      /etc/ssl/certs/cert.pem
        SSLCertificateKeyFile /etc/ssl/private/cert.key

</VirtualHost>
adamczykjac commented 6 years ago

@ziaxdk Don't you find RUN chmod 777 -R /var/www/html dangerous? Why would that be needed?

ryandanthony commented 5 years ago

I was able to get around this by running the following script in mysql:

use prestashop
SELECT NAME, VALUE FROM ps_configuration WHERE NAME IN ('PS_SSL_ENABLED', 'PS_SSL_ENABLED_EVERYWHERE');
UPDATE ps_configuration SET VALUE = '1'  WHERE NAME IN ('PS_SSL_ENABLED', 'PS_SSL_ENABLED_EVERYWHERE');
SELECT NAME, VALUE FROM ps_configuration WHERE NAME IN ('PS_SSL_ENABLED', 'PS_SSL_ENABLED_EVERYWHERE');
imranparuk commented 5 years ago

Has this issue been fixed?

marionf commented 5 years ago

@khouloudbelguith Could you try to reproduce it ?

khouloudbelguith commented 5 years ago

Hi @marionf,

I tried with local PS1.7.6.0. I have the same error logjquery-1.11.0.min.js:3 Mixed Content: The page at 'https://localhost/QA/prestashop/prestashop_1.7.6.0/admin-dev/index.php?controller=AdminOrders&token=0df45afdc18d657b1997221d3f444baa' was loaded over HTTPS, but requested an insecure image 'http://doc.prestashop.com/download/attachments/51184914/orders-orders001-list.png?version=1&modificationDate=1477580614000&api=v2'. This content should also be served over HTTPS. ssl

In fact, this issue is reported in this ticket: https://github.com/PrestaShop/PrestaShop/issues/9807

Thanks!

marionf commented 5 years ago

Duplicate of PrestaShop/PrestaShop#9807

Giiver commented 4 years ago

I was able to get around this by running the following script in mysql:

use prestashop
SELECT NAME, VALUE FROM ps_configuration WHERE NAME IN ('PS_SSL_ENABLED', 'PS_SSL_ENABLED_EVERYWHERE');
UPDATE ps_configuration SET VALUE = '1'  WHERE NAME IN ('PS_SSL_ENABLED', 'PS_SSL_ENABLED_EVERYWHERE');
SELECT NAME, VALUE FROM ps_configuration WHERE NAME IN ('PS_SSL_ENABLED', 'PS_SSL_ENABLED_EVERYWHERE');

Thank you very much !!!! it works for me. I have been looking for a solution all day .. THANK YOU

elcid2012 commented 1 year ago

I was able to get around this by running the following script in mysql:

use prestashop
SELECT NAME, VALUE FROM ps_configuration WHERE NAME IN ('PS_SSL_ENABLED', 'PS_SSL_ENABLED_EVERYWHERE');
UPDATE ps_configuration SET VALUE = '1'  WHERE NAME IN ('PS_SSL_ENABLED', 'PS_SSL_ENABLED_EVERYWHERE');
SELECT NAME, VALUE FROM ps_configuration WHERE NAME IN ('PS_SSL_ENABLED', 'PS_SSL_ENABLED_EVERYWHERE');

Thank you very much !!!! it works for me. I have been looking for a solution all day .. THANK YOU

Wanted to add - this worked perfectly for a docker-compose version of Prestashop running behind NGINX Proxy Manager. Back office was loading fine, but front office was getting the "too many redirects" error. This solved that problem on latest version of Prestashop 8.

waflessnet commented 9 months ago

hi, i solved using update (sql) and add config in nginx (proxy reverse):

proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;

then my nginx location:

         location / {
            resolver 127.0.0.11 valid=30s;

            proxy_pass   http://DOMAIN.COM;
            proxy_http_version 1.1;

            proxy_set_header Host  DOMAIN.COM;
            index index.html index.php;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;

            #FULL PATH  CONTENT PS:
            root /var/lib/docker/volumes/MY_VOLUME_DOCKER/_data;

            proxy_pass_request_headers      on;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
        }

i configure ps docker with componse, then ip in componser

and ip docker container in /etc/hosts 10.11.11.15 is example.

10.11.11.15  domain.com

-- my config: i use ps docker with componse ssl letscript nginx . server ubuntu.