I am attempting to get invoice ninja working through HAProxy, I have run into an issue where HAProxy displays mixed content, so far I have done the following:
on invoiceninja:
added TRUSTED_PROXIES='111.222.333.444/24 to my .env file
running with require_https set to false
on HAProxy:
tried adding http-request header set to name: X-Forwarded-Proto, fmt https to my HAProxy frontend actions
the backend is configured to not use SSL, and is just accessing via http on port 80.
at this point I’m getting some mixed content, running with require https true results in a redirect error from the client browser, telling HAProxy to connect using SSL on port 80 or 443 results in HAProxy giving a 503 error, I suspect I could solve this by just using a self-signed cert on invoiceninja, running it truly as an SSL encrypted web server, instead of this forcing https traffic over an http connection to the load balancer, then just using that self-signed cert for communication between HAProxy and invoiceninja, but thats an extra layer of work that I don’t know if i really wanna take on if theres a way I can do this without involving additional certs and configuration.
Suggestions on fixing the mixed content issue before I go about running the whole server with a self signed?
I use HAProxy and have personally tested this nginx config.
In my case HAProxy handles SSL termination, so the traffic is over port 80, but the URL is still https. This is how I resolved the mixed content issues.
If on the Invoice Ninja container you use nginx, then just force https:
If you use Apache, something similar to this should work, I did not test the apache variant, but have used something similar to this in the past with other projects: