docker-taiga / taiga

docker-compose.yml for simple taiga setup

Websocket load from https #26

Closed ctreton closed 4 years ago

ctreton commented 4 years ago

Hi, I set the env variable ENABLE_SSL to yes and the application is blocked by Chrome because it tried to load unsecured scripts and pages from a secured one. I have a server running Ubuntu, using an Apache vhost with ProxyPass to redirect to my Docker container.

Here is the Chrome console error:

Mixed Content: The page at 'https://taiga.mydomain.com/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://taiga.mydomain.com/events/'. This request has been blocked; this endpoint must be available over WSS.

Here is my Apache vhost configuration:

<VirtualHost *:80>
    ServerName taiga.mydomain.com
    ServerAdmin dev@mydomain.com

    Redirect / https://taiga.mydomain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName taiga.mydomain.com
    ServerAdmin dev@mydomain.com

    Header Set X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"

    SSLProxyEngine On
    ProxyPreserveHost On
    ProxyPass         / https://localhost:3002/
    ProxyPassReverse  / https://localhost:3002/
    ProxyPass         /events wss://localhost:3002/events

    ErrorLog ${APACHE_LOG_DIR}/taiga_error.log
    CustomLog ${APACHE_LOG_DIR}/taiga_access.log combined

    SSLCertificateFile /etc/letsencrypt/live/taiga.mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/taiga.mydomain.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

Obviously my own domain was replaced by "mydomain".

Any idea? Thanks

w1ck3dg0ph3r commented 4 years ago

Hi! I would try to ssh into the front container (docker exec -it taiga-front ash) and ensure eventsUrl is using the wss:// scheme in config.json (no restart needed). The ENABLE_SSL value is used only on the first run to set the events web socket scheme to either ws:// or wss://.
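
The check suggested in the reply above, as an added example that is not part of the original thread or the project's own code: a POSIX shell helper that reads eventsUrl from a config.json, flags the ws://-on-HTTPS combination that Chrome blocked, and rewrites it to wss://. The function names are hypothetical, and the path to config.json inside the container is not given in the thread, so the caller supplies it.

```shell
# Added example: audit the eventsUrl scheme in a taiga-front config.json.
# The file path is an argument; its location in the container is not assumed.

# Print the scheme (ws or wss) of the eventsUrl value, or nothing if absent.
events_scheme() {
    sed -n 's/.*"eventsUrl"[[:space:]]*:[[:space:]]*"\([a-z]*\):\/\/.*/\1/p' "$1" | head -n 1
}

# Exit status: 0 = OK, 1 = mixed content (https page, ws:// socket),
# 2 = eventsUrl not found or not a WebSocket URL.
check_events_url() {
    file=$1; page_url=$2
    scheme=$(events_scheme "$file")
    case "$scheme" in
        ws|wss) ;;
        *) echo "eventsUrl missing or not ws/wss in $file" >&2; return 2 ;;
    esac
    case "$page_url" in
        https://*)
            if [ "$scheme" = "ws" ]; then
                echo "mixed content: $page_url would open a ws:// socket" >&2
                return 1
            fi ;;
    esac
    return 0
}

# Rewrite only the eventsUrl value from ws:// to wss://, keeping a backup.
fix_events_url() {
    cp "$1" "$1.bak" &&
    sed 's/\("eventsUrl"[[:space:]]*:[[:space:]]*"\)ws:\/\//\1wss:\/\//' "$1.bak" > "$1"
}

# Demo on a constructed config.json (sample values, not a real deployment).
demo() {
    tmp=$(mktemp -d)
    printf '{\n  "eventsUrl": "ws://taiga.mydomain.com/events"\n}\n' > "$tmp/config.json"
    check_events_url "$tmp/config.json" "https://taiga.mydomain.com/" ||
        fix_events_url "$tmp/config.json"
    check_events_url "$tmp/config.json" "https://taiga.mydomain.com/" &&
        echo "eventsUrl now uses $(events_scheme "$tmp/config.json")://"
    rm -rf "$tmp"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

Because ENABLE_SSL is only applied on the first run, running the check after any change to the TLS setup shows whether the stored value still matches the scheme the page is served over.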

ctreton commented 4 years ago

Thank you. This is awkward, because I downed my containers with volumes, deleted those volumes and brought everything up again, but still no SSL. I just set the conf file myself and it worked. Now I have some 502s on back and the webservice connection seems to be closed, but this is a new step :)