search

maptiler / tileserver-gl

Vector and raster maps with GL styles. Server side rendering by MapLibre GL Native. Map tile server for MapLibre GL JS, Android, iOS, Leaflet, OpenLayers, GIS via WMTS, etc.
https://tileserver.readthedocs.io/en/latest/
Other
2.24k stars 639 forks source link

Provided Tilejson file's "tiles" attribute uses "HTTP" instead of "HTTPS" #1200

Closed ZizhanHe closed 8 months ago

ZizhanHe commented 8 months ago

I am building a webpage containing a map with tiles served via TileServer-GL. I served the default " zurich_switzerland.mbtiles" and when I visit tileserver-gl's interface (http://$server_ip:8080/) and click on "TileJson" under the DATA section, I see the following {"tiles":["http://$SERVER_IP:8080/data/openmaptiles/{z}/{x}/{y}.pbf"] My question is: Is there any way to change URL template in "tiles" attribute to use HTTPS instead of HTTP? And why is it using HTTP (is the default HTTP? or is it something to do with config.json file for example)?

I want to change this to HTTPS because my browser (chrome) is automatically blocking content loaded over HTTP, so all "pbf" files are blocked and marked as "unsafe". More specifically, when I click on "Viewer" in Klokantech Basic in the tileserver-gl's interface, I see that all "pbf" files are loaded via HTTP using the template format defined under "tiles" (see screen shot below) and I get "mixed-content" error.

Screen Shot 2024-03-05 at 5 59 29 PM

I've read the Tileservr-gl doc and the TileJson doc but failed to find any way to modify "tiles" to use HTTPS.

Here's exactly what I did 1) Cloned tileserver-gl's github repo 2) Built the docker image using the Dockerfile docker build -f Dockerfile .-t $DOCKER_IMAGE_NAME 3) Downloaded the sample config.json, styles, and "zurich_switzerland.mbtiles" wget https://github.com/maptiler/tileserver-gl/releases/download/v1.3.0/test_data.zip

unzip test_data.zip 4) Launched the docker image docker run --rm -it -v $(pwd):/data -p 8080:8080 $DOCKER_IMAGE_NAME

I am using Ubuntu 22.04.4 and apache2.

acalcutt commented 8 months ago

When I was using apache, I did something like this

<VirtualHost *:443>
    ServerName tiles.foo.lan
    ServerAdmin admin@tiles.foo.lan
    DocumentRoot /var/www/html/
    ErrorLog /var/log/apache2/tiles.foo.lan-error_log
    CustomLog /var/log/apache2/tiles.foo.lan-access_log combined

    SSLCertificateFile /etc/letsencrypt/live/tiles.foo.lan/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/tiles.foo.lan/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf    

    SSLProxyEngine on
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off   
    ProxyPreserveHost on

    ProxyPass / http://192.168.0.222:8080/ retry=1 acquire=3000 timeout=600 Keepalive=On
    ProxyPassReverse / http://192.168.0.222:8080/
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
</VirtualHost>
ZizhanHe commented 8 months ago

@acalcutt Thank you so much! I've been trying to solve this problem for days and adding the following lines in the Apache config file solved the problem for me!

SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
...
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
acalcutt commented 8 months ago

Glad to hear you got it working :-)