Closed kcan closed 4 years ago
I also tried the suggestion from https://snipe-it.readme.io/docs/reverse-proxies, but it does not help. Chrome still shows the Mixed Content warning.
Did you set up APP_TRUSTED_PROXIES correctly? Make sure the IP you see in the access.log of the Snipe-IT container is the one you expect it to be, and that it is listed in APP_TRUSTED_PROXIES. Snipe-IT will not accept the X-Forwarded headers for ssl if the remote address is not listed as a trusted proxy. It took me some time to figure this out in my setup (not k8s, but dockerized reverse proxy with ssl offloading).
Hi @hapm ,
Thank you for the reply. Because the k8s ingress changes IP addresses quite a lot, it does not seem possible to whitelist a fixed IP. Is it possible to allow all IP sources?
Previously what I have done:
1. `APP_TRUSTED_PROXIES='0.0.0.0,'`
2. uncommenting `'proxies' => '',` in `config/trustedproxies.php`.

But Chrome still warns about the mixed content issue.
You can use CIDR notation to allow the full subnet used by the k8s ingress network. In my case I used 10.0.0.0/8. If you don't control the ingress network completely, be aware that in such a case any container on the ingress network can fake being a trusted gateway for Snipe-IT. If you have strict security guidelines, make sure this configuration is compatible with them.
Hi @hapm, Thank you for the further reply. I tried to update the proxy setting:
```
root@snipeit-5769cff97d-pqcbm:/var/www/html# printenv | grep APP_TRUSTED_PROXIES
APP_TRUSTED_PROXIES=0.0.0.0/0, 8.17.0.0/16
root@snipeit-5769cff97d-pqcbm:/var/www/html# grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' /var/log/apache2/access.log
8.17.0.141
8.17.2.143
8.17.0.141
8.17.2.143
8.17.0.141
8.17.2.143
8.17.0.141
8.17.2.143
8.17.0.141
8.17.2.143
8.17.0.141
8.17.2.143
8.17.0.141
8.17.2.143
8.17.0.141
8.17.2.143
8.17.0.141
8.17.2.143
8.17.0.141
8.17.2.143
8.17.0.141
8.17.2.143
8.17.0.141
8.17.2.143
```
But Chrome still warns about the mixed content issue. Did I do it correctly?
Could anyone help? Thanks.
Ditto for me. Help.
Hello. Maybe you need to set the Ingress options with:
use-forwarded-headers: "true"
And in the config of the reverse proxy, set the headers:
Host
X-Forwarded-Proto
X-Forwarded-Port
X-Forwarded-For
Remember to also set this ENV variable on Snipe-IT:
APP_TRUSTED_PROXIES: 0.0.0.0/0
Warning: This ACL is too permissive.
Regards. Marhbere
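The trusted-proxy check this thread keeps coming back to, modelled as an added example (not Snipe-IT's code and not posted by any participant): forwarded headers are honoured only when the connecting address falls inside a trusted range, and a catch-all range means every client is believed. Assumptions: standard CIDR semantics as implemented by Python's `ipaddress`, entries trimmed of whitespace, hypothetical function names, and `203.0.113.7` as a constructed client address.

```python
import ipaddress

def parse_trusted(value):
    """Parse a comma-separated APP_TRUSTED_PROXIES-style value into networks.
    Assumption: whitespace is trimmed and empty entries are skipped."""
    nets = []
    for entry in value.split(","):
        entry = entry.strip()
        if entry:
            # A bare address such as "0.0.0.0" becomes a /32, i.e. one host.
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def is_trusted(remote_addr, trusted):
    addr = ipaddress.ip_address(remote_addr)
    return any(addr in net for net in trusted)

def effective_scheme(remote_addr, headers, trusted, direct_scheme="http"):
    """Scheme the application assumes for a request.
    X-Forwarded-Proto counts only when the TCP peer is a trusted proxy."""
    if is_trusted(remote_addr, trusted):
        return headers.get("X-Forwarded-Proto", direct_scheme).lower()
    return direct_scheme

def audit(value, seen_addrs):
    """Compare a trusted-proxy setting with the peers seen in access.log.
    untrusted_peers: addresses whose forwarded headers would be ignored.
    catch_all: entries that trust every address, so any client that reaches
    the app directly can assert its own X-Forwarded-* values."""
    trusted = parse_trusted(value)
    untrusted = sorted({a for a in seen_addrs if not is_trusted(a, trusted)})
    catch_all = [str(n) for n in trusted if n.prefixlen == 0]
    return {"untrusted_peers": untrusted, "catch_all": catch_all}

# Peer addresses taken from the access.log output quoted earlier in the thread.
PEERS = ["8.17.0.141", "8.17.2.143"]

if __name__ == "__main__":
    for setting in ("0.0.0.0,", "10.0.0.0/8", "8.17.0.0/16",
                    "0.0.0.0/0, 8.17.0.0/16"):
        print(repr(setting), audit(setting, PEERS))
```

Under these semantics `0.0.0.0,` matches only the single address 0.0.0.0, while `8.17.0.0/16` alone already covers both logged peers without the catch-all entry.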
Is this still relevant? We haven't heard from anyone in a bit. If so, please comment with any updates or additional detail. This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Don't take it personally, we just need to keep a handle on things. Thank you for your contributions!
This issue has been automatically closed because it has not had recent activity. If you believe this is still an issue, please confirm that this issue is still happening in the most recent version of Snipe-IT and reply to this thread to re-open it.
Can this be reopened? I'm still seeing this problem with the helm chart.
If you know how to use the dev tools in your browser, use them to watch the network and look up the resources requested over http instead of https. Will probably be an image or something like that. Probably that helps to analyze the problem further.
Same issue
As mentioned in several other issues, you want to set APP_ALLOW_INSECURE_HOSTS to true. https://snipe-it.readme.io/docs/configuration#optional-misc
It is set to true
Have the warning "Uh oh! Snipe-IT thinks your URL is https:/xxxxx, but your real URL is http://xxxxx Please update your APP_URL settings in your .env file" and a Mixed content error in Chrome. Snipe-IT is just ignoring APP-URL.