search

benhutchins / docker-taiga

Docker container for Taiga https://taiga.io
https://hub.docker.com/r/benhutchins/taiga/
GNU General Public License v3.0
288 stars 154 forks source link

Mixed content with images #39

Open IwishIcanFLighT opened 6 years ago

IwishIcanFLighT commented 6 years ago

Hi !

I installed Taiga on behind my Apache proxy. Everything is working great except I get mixed content warnings for images:

Mixed Content: The page at 'https://tg.website.com/project/myproject/' was loaded over HTTPS,
but requested an insecure image 'http://tg.website.com/media/user/1/4/5/6/719044330acb4fc76d85b27bc29cd4a4aa546e0d82e5d6db0ea35a6e75a8/t0255bcgs-u0255bcgw-8b381fb14cd9-512.png.80x80_q85_crop.jpg'.
This content should also be served over HTTPS.

The image is my profil picture on the taiga, but I was able to reproduce the same warning with an image attachment and the project image. Images still load, but this is not ideal as this is a production taiga so the HTTPS must be rock solid.

This is my docker SSL config (I used the docker-compose script to install it):

TAIGA_SSL: 'True' # I also tested it to false with only TAIGA_SSL_BY_REVERSE_PROXY: 'True'
TAIGA_SSL_BY_REVERSE_PROXY: 'True'

The SSL is then entirely handled by the apache config with Let's Encrypt.

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    ServerName tg.website.com

    RequestHeader set X-Forwarded-Proto "https"

    RewriteEngine On

    ProxyPreserveHost On
    ProxyRequests Off

    ProxyPass / http://127.0.0.1:1337/
    ProxyPassReverse / http://127.0.0.1:1337/

    SSLCertificateFile "/etc/letsencrypt/live/tg.website.com/fullchain.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/tg.website.com/privkey.pem"
    Include "/etc/letsencrypt/options-ssl-apache.conf"
</VirtualHost>
</IfModule>

<VirtualHost *:80>
    ServerName tg.website.com

    RewriteEngine On

    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
    RewriteCond %{SERVER_NAME} =tg.website.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

The readme states that if I set TAIGA_SSL_BY_REVERSE_PROXY to True, The value of TAIGA_SSL will then be ignored and taiga will not handle https, it will however set all links to https. It's true the links are indeed https, however it seems like some images are loaded with hardcoded http links. Am I missing something?

anddann commented 6 years ago

I experience the same problem with the django admin interface '/admin/' but did not find a solution yet.

anddann commented 6 years ago

Actually, commit afbf780ab1286f1b6cf5be0d670ea1e70921bef1 and the hint in #52 fixed the issue on my end.