0

Hi can someone help to check the nginx conf file?

Old and new images upload to my site are causing mixed content error. So, if I change the source code it won't solve the prob. I think it's caused by nginx conf file -request .The images are available on https and ssl cert works fine

example error: Mixed Content: The page at 'https://la-par.com/' was loaded over HTTPS, but requested an insecure image 'http://la-par.com/content/images/thumbs/5e2d83aeaac992042f5965a4.png'. This content should also be served over HTTPS.

etc/nginx/nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    /* Handle HTTPS Protocol */

    if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')

        $_SERVER['HTTPS']='on';

    #gzip  on;

/etc/nginx/conf.d/default.conf

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name la-par.com www.la-par.com;


    # Added this to prevent man in the middle attacks
    add_header Strict-Transport-Security "max-age=31536000"; 

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root /var/www/la-par.com/html;
        index index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

Many thanks

Piotr P. Karwasz
  • 5,748
  • 2
  • 11
  • 21
Nur Kamal
  • 1
  • If you want to serve all pages through TLS, the port `80` `server` section should just contain a redirect to the HTTPS port. BTW you didn't include the HTTPS server config. – Piotr P. Karwasz Jan 26 '20 at 21:40

1 Answers1

0

If your site worked correctly (without mixed content error/s) in SSL when using Apache, the above configuration should work too.

Wed
  • 15
  • 9