yuljk
May 29, 2019, 7:05am
1
Hi guys - I recently moved my self-hosted install over from https to http as I have configured SSL offloading on HAProxy.
I set REQUIRE_HTTPS=false in .env and also set the URL to http.
When I navigate to Invoice Ninja my dashboard is no longer showing Total Revenue etc and the clients and invoices screens are blank.
Checking the modified date of my laravel-error logs shows nothing recent.
Any ideas why this might be happening? - I’ve cleared the browser cache and Invoice Ninja cache.
Many thanks
yuljk
May 30, 2019, 6:30am
2
Seems someone else had a similar issue a while back which explains my setup in HAProxy: https://github.com/invoiceninja/invoiceninja/issues/1386
Has anything changed with respect to this issue since this was posted?
Many thanks
yuljk
June 2, 2019, 3:10am
3
I’ve resolved this issue now. For anyone having similar issues with HAProxy using SSL termination with Invoice Ninja, I set up an SSL backend for Invoice Ninja and generated a self-signed certificate (10 year lifetime) for my 443 virtual host in Apache2.
I also disabled certificate SSL checks on the backend to cut down on CPU overhead.
Invoice Ninja now works with a reverse proxy using SSL termination to an SSL backend.
Glad to hear it’s working, thanks for sharing the solution!
I’m late to the party but faced the same problem.
There is an easy solution without the need for a self-signed certificate.
Assuming HAProxy runs on the same machine as invoiceninja:
In haproxy.cfg:

    backend invoiceninja-backend
        http-request add-header X-Forwarded-Proto https if { ssl_fc }
        server invoiceninja 127.0.0.1:[port] check

In .env:

    APP_URL=https://your.server.com
    REQUIRE_HTTPS=true
    TRUSTED_PROXIES=127.0.0.1
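
A small model of the trust decision behind the X-Forwarded-Proto / TRUSTED_PROXIES fix above, added here as an example (it is not part of any post and not Invoice Ninja's code). The function names and the strict "every value must be https" policy are assumptions for illustration; the add-header / set-header behaviour follows HAProxy's documented semantics.

```python
import ipaddress

HDR = "x-forwarded-proto"

def proxy_forward(client_headers, tls_frontend, mode="add-header"):
    """Model of `http-request <mode> X-Forwarded-Proto https if { ssl_fc }`.

    add-header appends a new field and keeps any the client sent;
    set-header removes existing fields of that name first.
    """
    out = list(client_headers)
    if tls_frontend:
        if mode == "set-header":
            out = [(k, v) for k, v in out if k.lower() != HDR]
        out.append(("X-Forwarded-Proto", "https"))
    return out

def effective_scheme(peer_ip, headers, trusted_proxies):
    """Scheme a backend should use for generated URLs (illustrative policy)."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(n) for n in trusted_proxies):
        return "http"  # forwarded headers from an untrusted peer are ignored
    values = [p.strip().lower() for k, v in headers if k.lower() == HDR
              for p in v.split(",")]
    # Assumption: strict policy, every received value must say https.
    return "https" if values and all(p == "https" for p in values) else "http"

def demo():
    # Constructed requests; 127.0.0.1 mirrors TRUSTED_PROXIES in the post.
    plain = [("Host", "your.server.com")]
    stale = plain + [("X-Forwarded-Proto", "http")]  # client-supplied field
    tp = ["127.0.0.1"]
    return {
        "trusted": effective_scheme("127.0.0.1", proxy_forward(plain, True), tp),
        "no_trusted_proxies": effective_scheme("127.0.0.1", proxy_forward(plain, True), []),
        "other_peer": effective_scheme("10.0.0.5", proxy_forward(plain, True), tp),
        "add_header": effective_scheme("127.0.0.1", proxy_forward(stale, True, "add-header"), tp),
        "set_header": effective_scheme("127.0.0.1", proxy_forward(stale, True, "set-header"), tp),
    }

if __name__ == "__main__":
    for case, scheme in demo().items():
        print(f"{case}: {scheme}")
```

The "no_trusted_proxies" case is the situation where the backend keeps generating http URLs behind a TLS-terminating proxy, and the last two cases show why replacing the header at the proxy leaves the backend with a single, unambiguous value.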
hillel
March 4, 2020, 9:16am
6
Thanks for sharing the solution!
I use HAProxy and have personally tested this nginx config.
In my case HAProxy handles SSL termination, so the traffic is over port 80, but the URL is still https. This is how I resolved the mixed content issues.
If on the Invoice Ninja container you use nginx, then just force https:

    server {
        listen 80;
        listen [::]:80;
        server_name ninja.example.com;
        fastcgi_hide_header X-Powered-By;
        root /var/www/invoiceninja/public/;
        index index.php index.html index.htm;
        charset utf-8;
        client_max_body_size 99M;

        location / {
            try_files $uri $uri/ /index.php?$query_string;
        }

        if (!-e $request_filename) {
            rewrite ^(.+)$ /index.php?q= last;
        }

        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt { access_log off; log_not_found off; }

        access_log /var/log/nginx/invoiceninja.access.log;
        error_log /var/log/nginx/invoiceninja.error.log;

        location ~ \.php$ {
            proxy_set_header X-Forwarded-Proto https;
            fastcgi_param HTTPS 'on';
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass php;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_intercept_errors off;
            fastcgi_buffer_size 16k;
            fastcgi_buffers 4 16k;
        }

        location ~ /\.ht {
            deny all;
        }

        sendfile off;
    }

The lines that make this happen are:

    proxy_set_header X-Forwarded-Proto https;
    fastcgi_param HTTPS 'on';

If you use Apache, something similar to this should work. I did not test the Apache variant, but have used something similar to this in the past with other projects:

    <VirtualHost *:80>
        ServerName example.com
        ServerAlias ninja.example.com
        RemoteIPHeader X-Forwarded-For
        SetEnv HTTPS "on"
        RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
        RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}
        DocumentRoot "/var/www/invoiceninja/"
        LogLevel warn
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>