search

coollabsio / coolify

An open-source & self-hostable Heroku / Netlify / Vercel alternative.
https://coolify.io
Apache License 2.0
32.99k stars 1.75k forks source link

[Bug]: Mixed content when deployed behind LB #2518

Open aimestereo opened 4 months ago

aimestereo commented 4 months ago

Description

I have a problem with Coolify admin. It is deployed on AWS EC2 and SSL termination happens before traffic reaches instance.

In my setup Coolify thinks that it's served via http and hardcode http into generated pages.

How do I teach Coolify that it's behind https? what am I missing?

Notes:

after I've created this issue, I've found dns configuration, so I've set Settings -> General -> Instance's Domain to my https://my.domain that I use to access instance - nothing changed, except this:

Validating DNS failed.
<br><br>
Make sure you have added the DNS records correctly.
<br><br>
https://coolify.truagents.dev->host.docker.internal
<br><br>
Check this <a target='_blank' class='underline dark:text-white' href='https://coolify.io/docs/knowledge-base/dns-configuration'>documentation</a> for further help.

I've also tried to disabled Domain validation - it let me save settings, but it didn't help with overall problem

Minimal Reproduction (if possible, example repository)

I have such deployment in AWS: - https -> CloudFront (terminate ssl) - http -> LoadBalancer -> EC2 with Coolify

Exception or Error

Example: part of Server page - see a lot of http://:

<title>Coolify</title>
<link rel="icon" href="http://coolify.truagents.dev/coolify-transparent.png" type="image/x-icon" />
...
<link rel="preload" as="style" href="http://coolify.truagents.dev/build/assets/app-f77813ca.css" />
<link rel="modulepreload" href="http://coolify.truagents.dev/build/assets/app-4ed993c7.js" />
<link rel="stylesheet" href="http://coolify.truagents.dev/build/assets/app-f77813ca.css" data-navigate-track="reload" />
<script type="module" src="http://coolify.truagents.dev/build/assets/app-4ed993c7.js" data-navigate-track="reload"></script>
image Screenshot 2024-06-13 at 08 55 19

Version

v4.0.0-beta.294

stuart-haas commented 3 months ago

@aimestereo Have you considered using a network load balancer instead and terminating SSL on the server? This seems like a simple configuration issue between cloudfront and your ec2 instance. The server you are running should expose another port for 443 or 9443 and then you can forward that traffic to a network load balancer and/or use cloudfront in front of that to handle ssl traffic.

aimestereo commented 3 months ago

@stuart-haas, thanks, I will try it out, originally I just thought that I misconfigured Coolify, but it seems, for https to work correctly I need to let Coolify to terminate SSL

bh0mbalziyad commented 2 days ago

Can confirm that this is indeed solved by letting traefik terminate the SSL connection. I initially had Coolify deployed behind Nginx and wasn't using Traefik but that setup wasn't ideal as I was having to spend an unreasonable amount of time on rewriting my Nginx rules.