1

I have a problem with haproxy and mixed content. When I try to connect through haproxy ssl, the browser (in this case either Firefox or Chrome), in default configuration, blocks the mixed content - in this case the http connections. This does not happen when I try to connect without the haproxy.

What could cause this?

For reference:

I have installed haproxy version 1.5.11

```
$ haproxy -v
HA-Proxy version 1.5.11 2015/01/31
Copyright 2000-2015 Willy Tarreau
```

with this configuration:

```
global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    stats timeout 30s
    debug
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/admin.sock mode 660 level admin

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL).
    ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client  50000
    timeout server  50000

frontend webphp53_http
    bind *:80
    bind *:443 ssl crt /etc/ssl/private/cert.pem
    mode http
    default_backend webphp53_servers

backend webphp53_servers
    mode http
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server php53_node1 192.168.127.67:80 check
    server php53_node2 192.168.127.68:80 check
```
BE77Y
user1439861
  • possible duplicate of [How to solve nginx reverse proxy mixed content(http, https)](http://serverfault.com/questions/659029/how-to-solve-nginx-reverse-proxy-mixed-contenthttp-https) (the backend setup is not relevant to the question). – AD7six Feb 12 '15 at 16:12
  • 1
    This has (almost) nothing to do with your backend setup. The problem is you are loading a html page over https which references resources with http i.e. ` – AD7six Feb 12 '15 at 16:13

2 Answers

0

Mixed content is blocked outright if the domains are different. Make sure that when you switch to using the load balancer, the mixed content in the page is using the same server name.

longneck
  • Yes, the mixed content is on the same server. When I try to connect without haproxy, the browser alerts about the mixed content but does not block the content. – user1439861 Feb 12 '15 at 15:28
  • I have observed that it only blocks JavaScript and CSS content. – user1439861 Feb 12 '15 at 15:42
  • 1
    It's not `if the domains are different` - it's if the _protocol_ is not https for a https main-request. – AD7six Feb 12 '15 at 16:14
  • This is because of the [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) specification - it is a separate issue from mixed content. – James Shewey Sep 23 '17 at 04:44
0

I have found that the problem only occurs when you use a CMS like Drupal and WordPress. The solution I found is to force both to use https. In the case of Drupal, edit sites/default/settings.php and uncomment the line:

```php
$base_url = 'https://domain_name_blablabla';
```

In the case of Wordpress it's necessary to install Wordpress HTTPS (SSL) plugin https://wordpress.org/plugins/wordpress-https/

user1439861