Enable SSL

Good morning! I’m really loving Invoice Ninja so far, it’s been amazing! I’m running it in a docker container using a reverse proxy, and I’ve managed to enable SSL on my subdomain invoices.orgname.com using let’s encrypt.

Now, the problem is if I try to access teh site over SSL, all the CSS and JS are loaded from the http version of the site, causing there to be a ton of errors… (Unless I load unsafe scripts).

I’m not sure how to let the install know to use the new SSL version of the site. I changed the app install URL in the settings, however that did not do much.

Thanks in advance!

Thanks, that’s great to hear :slight_smile:

Maybe some of the info here will help:

https://github.com/invoiceninja/invoiceninja/issues/1393

Thanks for the swift reply! Unfortunately… that didn’t work :confused: Still loading from the old link it looks like :confused: the http one

Here’s another one:

https://github.com/invoiceninja/dockerfiles/issues/14

YES! Thank you!

Adding this to the nginx.conf fixed it!

fastcgi_param HTTPS 1;

Awesome, glad to hear it’s working!

Hi,

I’m struggling with the same issue.

Where exactly do you add fastcgi_param HTTPS 1; ?

Concretely speaking, I’m using Caprover (PaaS like Heroku) and there I set up invoice ninja on a docker container.

Here is my nginx config


<%
if (s.forceSsl) {
%>
    server {

        listen       80;

        server_name  <%-s.publicDomain%>;

        # Used by Lets Encrypt
        location /.well-known/acme-challenge/ {
            root <%-s.staticWebRoot%>;
        }

        # Used by CapRover for health check
        location /.well-known/captain-identifier {
            root <%-s.staticWebRoot%>;
        }

        location / {
            return 302 https://$http_host$request_uri$is_args$query_string;
        }
    }
<%
}
%>

server {

    <%
    if (!s.forceSsl) {
    %>
        listen       80;
    <%
    }
    if (s.hasSsl) {
    %>
        listen              443 ssl;
        ssl_certificate     <%-s.crtPath%>;
        ssl_certificate_key <%-s.keyPath%>;

        ssl_session_cache   shared:SSL:20m;
        ssl_session_timeout 1d;
        ssl_session_tickets off;

        # Mozilla Intermediate configuration. tweak to your needs.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers xxxxxxxxxxxxxxx;
        ssl_prefer_server_ciphers off;
    <%
    }
    %>

        client_max_body_size 500m;

        server_name  <%-s.publicDomain%>;

        # 127.0.0.11 is DNS set up by Docker, see:
        # https://docs.docker.com/engine/userguide/networking/configure-dns/
        # https://github.com/moby/moby/issues/20026
        resolver 127.0.0.11 valid=10s;
        # IMPORTANT!! If you are here from an old thread to set a custom port, you do not need to modify this port manually here!!
        # Simply change the Container HTTP Port from the dashboard HTTP panel
        set $upstream http://<%-s.localDomain%>:<%-s.containerHttpPort%>;

        location / {

    <%
    if (s.httpBasicAuthPath) {
    %>
            auth_basic           "Restricted Access";
            auth_basic_user_file <%-s.httpBasicAuthPath%>; 
    <%
    }
    %>

            proxy_pass $upstream;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

    <%
    if (s.websocketSupport) {
    %>
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
    <%
    }
    %>
        }

        # Used by Lets Encrypt
        location /.well-known/acme-challenge/ {
            root <%-s.staticWebRoot%>;
        }
        
        # Used by CapRover for health check
        location /.well-known/captain-identifier {
            root <%-s.staticWebRoot%>;
        }

        error_page 502 /captain_502_custom_error_page.html;
        location = /captain_502_custom_error_page.html {
                root <%-s.customErrorPagesDirectory%>;
                internal;
        }
}

I’m not very familiar with nginx so would really appreciate your help.

Cheers,

Konrad