I have an https website that needs to render an iframe of a external website that only works with http. The external http endpoints is all inside a url like: http://external-website.com/foobar
Browser don't allowed this (mixed content error. http inside https...), so I configured my https website nginx to create a reverse proxy on url /foobar to solve this issue.
Now I call the url: https://my-website/foobar, and that's render the iframe correctly.
The problem is: some buttons inside the iframe application calls hardcored http, and inside my website when I click those buttons, it calls http://my-website/foobar (the reverse proxy I setup but with http instead of https) and this give me mixed content error and the buttons dont work
I need some way to force all requests that go through /foobar to use https.
This is my current nginx.conf
server {
listen 80 default_server;
if ($http_x_forwarded_proto = "http") {
return 301 https://$host$request_uri;
}
location /foobar/ {
proxy_pass http://external-website.com/foobar/;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
}
}