This connection is not secure. Logins entered here could be compromised

phillip8

2/27/24, 8:20 PM

This is on Geoserver which uses Jetty/Java. I followed this article on a Debian machine and then added SSL with Certbot (my padlock is fine). The message comes up when I click the user/password input box. It seems like a mixed content warning but I don't know what Nginx or Geoserver configuration I need to change. I have v2.22.2.

server {

    server_name mydomain.com www.mydomain.com;

    location / {
        proxy_pass http://127.0.0.1:8080;
        include proxy_params;
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
}
server {
    if ($host = mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;

    server_name mydomain.com www.mydomain.com;
    return 404; # managed by Certbot

    location / {
        # root /path/to/myapp/public;
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://172.0.0.1:8080;
    }
    add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
}

0 + 8

ssl

nginx

JoelCrypto

2/27/24, 8:24 PM

Please share Nginx conf.

phillip8

2/27/24, 8:32 PM

@JoelCrypto edited. It also could be that Nginx isn't serving my page since when I open the main domain, it says Powered by Eclipse Jetty:// Server.

JoelCrypto

2/27/24, 8:36 PM

Who is listening on port 80 and 443? Did you put https:// ?

phillip8

2/27/24, 10:33 PM

@JoelCrypto I'm using https://. `$ ss -tupln` shows tcp LISTEN 0 511 [::]:80 [::]:*, tcp LISTEN 0 511 [::]:443 [::]:*. Stopping Nginx removes the 80 and 443 mentions.

phillip8

2/27/24, 10:40 PM

@JoelCrypto but ss gives no mention of Nginx or 80/443's processes. But if I stop Nginx, I can't open anything so I guess it is being used.

JoelCrypto

2/28/24, 5:52 AM

Please share results of OpenSSL s_client result on port 443 (certificate and OCSP response) (see man).

Jaromanda X

2/28/24, 6:07 AM

looks like you've gone to `http://www.donationcoder.com` rather than `https://www.donationcoder.com` - so of course the connection is insecure

phillip8

2/28/24, 12:56 PM

@JaromandaX that's just an image I found since I can't snapshot my own screen without the message disappearing. On my actual site I see the message with https.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: This connection is not secure. Logins entered here could be compromised

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.