0

Since 2 days, our users get the following warning when trying to login on our service:

warning

English version:

The information you're about to submit is not secure

Because this site is using a connection that's not completely secure, your information will be visible to others.

Send anyway   Go back

This is the setup in nginx we use and which worked for the last 3 years without any issue. It still works, but on Chrome it produces the warning.


events {

}

http {

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        try_files $uri $uri/ =404;
    }
}

server {
  listen                443;
  server_name           server.example.com;
  client_max_body_size  100M;

  ssl on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;

  ssl_certificate /etc/certs/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/certs/privkey.pem; # managed by Certbot



    location /ErrorPages/ {
        alias /etc/nginx/ErrorPages/;
        internal;
    }

  
   location / {

    proxy_pass          http://shinyproxy:4000; ### Übernahme der servicenamen aus Docker-compose

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 600s;

    proxy_redirect    off;
    proxy_set_header  Host             $http_host;
    proxy_set_header  X-Real-IP        $remote_addr;
    proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header  X-Forwarded-Protocol $scheme;
    proxy_set_header  X-Forwarded-Proto https;

    }

    location /api/ {
        include uwsgi_params;
        uwsgi_pass flask:8080;
    }


   location /auth/ {
   
    proxy_pass          https://keycloak:8443; ### Übernahme der servicenamen aus Docker-compose

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 600s;

    proxy_redirect    off;
    proxy_set_header  Host             $http_host;
    proxy_set_header  X-Real-IP        $remote_addr;
    proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header  X-Forwarded-Proto $scheme;
    proxy_set_header  X-Forwarded-Proto https;

    }
    
}

server {
    if ($host = server.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 ;
    listen [::]:80 ;
    server_name server.example.com;
    return 404; # managed by Certbot
}

}

I found this thread: https://bugs.chromium.org/p/chromium/issues/detail?id=1158169#c49

This seems to explain it. My knowledge with nginx is only quite basic, but can anyone suggest a workaround here?

Data Mastery
  • 101
  • 2

1 Answers1

1

This warning is new in Chrome 86 and occurs when your web applicaton tries to submit a form via HTTP rather than HTTPS (or, as the bug you linked to mentions, responds to such a form submission with an HTTP redirect). Check your web application's HTML form and ensure that it posts to an HTTPS URL, not an HTTP URL, and that any redirects are to HTTPS URLs.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • I updated my post with all server configs. I tried to update ```proxy_pass http://shinyproxy:4000``` to ```proxy_pass https://shinyproxy:4000```, but this results in an SSL Error. What do I have to do? :/ – Data Mastery Dec 16 '20 at 05:07
  • Do you have access to source code? Change http to https? In Forms? Everywhere? – uav Dec 16 '20 at 09:28
  • 1
    I use open source software. I placed an issue in their github repo. When changing that is enough it should be quite easy for them :-) – Data Mastery Dec 16 '20 at 12:47