I'm using Server A (NGINX as web server for WordPress) and Server B (NGINX as reverse proxy), and after getting SSL certs from Let's Encrypt with Certbot on Server B I'm receiving:

    Mixed Content: The page at 'https://example.net/' was loaded over
    HTTPS, but requested an insecure script
    'http://xx.xx.xx.xx/wp-includes/js/wp-emoji-release.min.js?ver=5.8'.
    This request has been blocked; the content must be served over HTTPS.

And the page is loading without any JPG or CSS.

Server A cfg

    server {
        # Plain HTTP only; this server holds no certificate
        listen 80;
        root /var/www/wordpress;
        index index.php index.html;
        access_log /var/log/nginx/example.access.log;
        error_log /var/log/nginx/example.error.log;

        location / {
            try_files $uri $uri/ =404;
        }

        # Hand PHP requests to PHP-FPM
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        }

        # Deny access to .ht* files
        location ~ /\.ht {
            deny all;
        }

        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        # Far-future expiry for static assets
        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            log_not_found off;
        }

        location /wp-admin/ {
            # The semicolon was missing here, which made try_files and its
            # arguments part of the index directive
            index index.php;
            try_files $uri $uri /index.php?$args;
        }
    }

Server B cfg

    # Port 80: redirect both host names to HTTPS
    server {
        if ($host = example.net) {
            return 301 https://example.net$request_uri;
        }
        if ($host = www.example.net) {
            return 301 https://example.net$request_uri;
        }
        server_name example.net www.example.net;
        listen 80;
        return 404;
    }

    # Port 443: TLS ends here; the backend is reached over plain HTTP
    server {
        listen 0.0.0.0:443 ssl http2;
        server_name example.net www.example.net;
        ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;

        location ~ /.well-known/acme-challenge {
            allow all;
        }

        location / {
            proxy_pass http://xx.xx.xx.xx/;
            proxy_read_timeout 90;
            proxy_connect_timeout 90;
            proxy_redirect off;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # $scheme is "https" in this server block
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_ssl_server_name on;
        }
    }

WordPress is hosted on Server A. Can someone help me, because my configuration files are probably messed up...
Thanks in advance.

Solution: added to the Nginx cfg:

    add_header 'Content-Security-Policy' 'upgrade-insecure-requests';

Also changed the WordPress Address (URL) and Site Address (URL) in WordPress.
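
A way to check that the fix above took effect, as an added example that is not part of the original post: it lists the `http://` subresources an HTTPS page still references and tests whether a `Content-Security-Policy` value carries `upgrade-insecure-requests`. It goes beyond the script in the error message to stylesheets, iframes and media; the function names, the sample HTML and the address 192.0.2.10 (a placeholder for the backend IP) are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a subresource.
URL_ATTR = {"script": "src", "iframe": "src", "img": "src",
            "audio": "src", "video": "src", "link": "href"}
# W3C Mixed Content: image/audio/video are "upgradeable", the rest "blockable".
UPGRADEABLE = {"img", "audio", "video"}

class _Collector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(URL_ATTR.get(tag, ""))
        # <link> is only counted when rel includes "stylesheet" (not canonical etc.).
        rel = (attrs.get("rel") or "").lower().split()
        if not url or (tag == "link" and "stylesheet" not in rel):
            return
        absolute = urljoin(self.page_url, url)  # relative URLs inherit https
        if urlsplit(absolute).scheme == "http":
            kind = "upgradeable" if tag in UPGRADEABLE else "blockable"
            self.findings.append((tag, absolute, kind))

def find_mixed_content(page_url, html):
    """Return (tag, url, kind) for each http:// subresource of an https:// page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on HTTPS pages
    collector = _Collector(page_url)
    collector.feed(html)
    return collector.findings

def csp_upgrades_insecure_requests(header_value):
    """True if a Content-Security-Policy value has upgrade-insecure-requests."""
    names = [d.split()[0].lower() for d in header_value.split(";") if d.strip()]
    return "upgrade-insecure-requests" in names

# Constructed sample page; 192.0.2.10 is a placeholder for the backend address.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://192.0.2.10/wp-content/themes/t/style.css">
<link rel="canonical" href="http://192.0.2.10/">
<script src="http://192.0.2.10/wp-includes/js/wp-emoji-release.min.js?ver=5.8"></script>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
</head><body><img src="http://192.0.2.10/wp-content/uploads/photo.jpg"></body></html>"""

if __name__ == "__main__":
    for tag, url, kind in find_mixed_content("https://example.net/", SAMPLE_HTML):
        print(f"{kind:11} <{tag}> {url}")
```

An empty result for the saved page source means the WordPress URL settings no longer emit the backend address; a non-empty result alongside a passing header check means the browser is upgrading the requests while the HTML still contains `http://` links.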