I am running invoiceninja using docker and am using this container as a reverse proxy: https://github.com/jwilder/nginx-proxy and it works well but as soon as I start redirecting all HTTP to HTTPS invoiceninja starts looking funny as in mixed content doesn’t get displayed.
I found this thread here https://www.invoiceninja.com/forums/topic/unable-to-secure-site-with-ssl-with-pound-reverse-proxy-server/ which seems to deal with the exact same problem I am having but the solution doesn’t seem to work for me.
In my dockerfile to build invoiceninja I set the trustedproxy both for my external and for my internal range docker is using:
I have not set these as invoiceninja isn’t supposed to run on https as the proxy connects to it via http but serves https to visitors
I have also set this header in my proxy:
proxy_set_header X-Forwarded-Proto https;
it used to be:
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
Any more pointers?
Thanks for the pointers, I had not seen the github page. None of those links add anything new to my issue, I think it would be good to post all my config files should I do so ehre or open a separate github issue instead?
The forum is a better place, if you create a GitHub issue it will likely be closed.
I’m not sure posting your configs will help (if you do please be sure to remove any sensitive data).
Well, it clearly works for others so I am sure its a simple mixup of variables so here are my config files:
docker-compose.yml => https://pastebin.com/AWWfNC5N
.env => https://pastebin.com/wFjVQsAY
general proxy settings => https://pastebin.com/8Swc0RqH
extra changed config for this vhost => https://pastebin.com/S7FE32Tw
Can someone spot what is wrong here? This is what the proxied front-end looks like with the above settings => http://take.ms/Qewlb
Had the same problem, adding the following line in the nginx config file saved my live:
fastcgi_param HTTPS 1;
Thanks for sharing your solution!
thanks, will give it a try and report back here!
This saved my life too!! Was sitting 2 sleepless days trying to figure this out.
So if you have invoiceNinja sitting on another server in the SAME LAN as the Reverse Proxy Server, you will need to have this setting fastcgi_param HTTPS 1; on the backend NGINX of InvoiceNinja, and at the same time disable the following from .env:
Otherwise your InvoiceNinja Server tries to redirect to https and then your Proxy is not able to Proxy https anymore. InvoiceNinja Server is the backend and must listen on a non-http port.
Would be nice to know if anyone was able to secure their backend communication between Reverse Proxy and InvoiceNinja backend…?