Client Portal SSL Issues (v5)

TheGreenCastle · July 13, 2021, 1:50am

Hi - I’ve been using v4 self hosted for a few years and just moved to v5. I started from scratch and am using the docker build.

I’m have an issue with the client portal. The main site works fine, but when I try to view the client portal (or view invoices from the links in emails) I get a bunch of security alerts about mixed connections. This is in both FF and Chrome. For some reason InvoiceNinja seems to be requesting certain resources via HTTP, even when explicitly loading the HTTPS version of the page. FF and Chrome both block these requests and throw up a warning to the user.

I have my Nginx config set up to forward all http (port 80) connections via 301 to https (443), but am otherwise using the default configs. I have REQUIRE_HTTPS = true in my ENV.

Any ideas? Bug or a config issue on my end?

hillel · July 13, 2021, 5:12am

@david do you have any thoughts?

david · July 13, 2021, 5:52am

TRUSTED_PROXIES=* in your env file should fix this.

TheGreenCastle · July 16, 2021, 1:26am

Thanks for the help, but that didn’t work. I tried adding TRUSTED_PROXIES=* to the env file and then running artisan optimize. I also made sure the the APP_URL was set to the https URL, but still having issues.

After finding some other related threads I tried adding fastcgi_params https 1 to the nginx config file, but that also did not help.

I ended up reverting back to the mostly vanilla config from the docker repo, with REQUIRE_HTTPS=false. In this config I can load the https version of the site manually, however the company logo always loads insecurely. See below image. Not sure if this points to some kind of config error, but I’m not sure what else to try.