Mixed Content Block stops login

Hello, I am running this using Docker Compose with Traefik as a reverse proxy.

docker-compose.yaml:

version: '3.5'

services:
  server:
    container_name: crm1
    image: cortezaproject/corteza-server:2021.3
    restart: always
    volumes:
      - site-data:/data
    environment:
      DOMAIN : ${DOMAIN}
      DB_DSN : dbuser:dbpass@tcp(db:3306)/dbname?collation=utf8mb4_general_ci
      LOG_DEBUG : "true"
      LOG_LEVEL : "DEBUG"
      HTTP_WEBAPP_ENABLED : "true"
      AUTH_JWT_SECRET : secret
    depends_on: [ db ]
    networks:
      - crmnet
      - traefik-public
    deploy:
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.http.routers.crm-app.entrypoints=http
        - traefik.http.routers.crm-app.rule=Host(`${DOMAIN}`,`www.${DOMAIN}`)  
        - traefik.http.routers.crm-app.middlewares=https-redirect
        - traefik.http.routers.crm-app-secure.entrypoints=https
        - traefik.http.routers.crm-app-secure.rule=Host(`${DOMAIN}`,`www.${DOMAIN}`) 
        - traefik.http.routers.crm-app-secure.tls=true
        - traefik.http.routers.crm-app-secure.tls.certresolver=le
        - traefik.http.routers.crm-app-secure.service=crm1
        - traefik.http.services.crm1.loadbalancer.server.port=80

  db:
    image: percona:8.0
    volumes:
      - db-data:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: dbpass
      MYSQL_DATABASE: dbname
      MYSQL_USER: dbuser
      MYSQL_PASSWORD: dbpass
    restart: always
    networks:
      - crmnet
    healthcheck: { test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"], timeout: 20s, retries: 10 }
    
networks:
  traefik-public:
    external: true
  crmnet:

  
volumes:
  db-data:
  site-data:

After login, Firefox throws this error:
Blocked loading mixed active content “http://domain.tld/auth/oauth2/default-client”

and the login process gets stuck on a blank page.

In the config.js shown in the Firefox debugger, this is listed:
window.CortezaAuth = 'http://domain.tld/auth';

This should be https.

Is there a way to force https in this URL?

I already tried auth_base_url, but that didn’t change anything.

Hi

Try adding HTTP_SSL_TERMINATED=true to your env vars.

Apologies @scientes, I’ve referenced an option that is part of the next release.

What you can do here is set the LETSENCRYPT_HOST variable (any kind of value). This tells the Corteza server that some software in front of it will handle SSL and that it needs to use the HTTPS URL scheme.

Why this name? Because we are (usually) relying on Docker Hub to manage SSL certificates and we can control that with LETSENCRYPT_HOST.

We recognised this approach as a bit too narrow-minded and prepared HTTP_SSL_TERMINATED to be supported (in September's release - 2021.9).

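To confirm the fix after redeploying, the check below scans a served config.js for URLs that an HTTPS page would block as mixed active content. It is an added example, not part of the thread or of Corteza's code; the sample text and the `window.ExampleAPI` name are constructed for illustration.

```javascript
// Constructed sample: the config.js line quoted in the thread plus a
// hypothetical https entry (window.ExampleAPI is an assumption).
const SAMPLE_CONFIG = `
window.CortezaAuth = 'http://domain.tld/auth';
window.ExampleAPI = 'https://domain.tld/api';
`;

// Loopback hosts are treated as potentially trustworthy, so plain http
// to them is not reported as mixed content.
function isLoopback(hostname) {
  return hostname === 'localhost' || hostname.endsWith('.localhost') ||
    /^127(\.\d{1,3}){3}$/.test(hostname) || hostname === '[::1]';
}

// Returns one finding per `window.X = '<url>'` assignment whose URL would
// be loaded over plain http from a page served over https.
function findMixedContent(pageUrl, configJs) {
  const page = new URL(pageUrl);
  // Mixed-content blocking only applies when the page itself is secure.
  if (page.protocol !== 'https:') return [];

  const findings = [];
  const assignment = /window\.([A-Za-z_$][\w$]*)\s*=\s*(['"])(.*?)\2/g;
  for (const [, name, , value] of configJs.matchAll(assignment)) {
    let target;
    try {
      // Relative values resolve against the page and inherit its scheme.
      target = new URL(value, page);
    } catch {
      continue; // not a URL, nothing to check
    }
    if (target.protocol === 'http:' && !isLoopback(target.hostname)) {
      findings.push({
        name,
        url: target.href,
        fix: 'https:' + target.href.slice('http:'.length),
      });
    }
  }
  return findings;
}

for (const f of findMixedContent('https://domain.tld/', SAMPLE_CONFIG)) {
  console.log(`${f.name}: ${f.url} would be blocked; expected ${f.fix}`);
}
```

An empty result for the deployed config.js means the server is now generating HTTPS URLs behind the TLS-terminating proxy.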