3

My application uses Flask-Socketio, Flask and nginx. I read in a post that all HTTP to HTTPS handling must be done at Web Server level and not at Application Server level. I used the rewrite attribute to redirect all HTTP requests as HTTPS requests. This works successfully with static pages. However, when I try to load dynamic content, I get an error stating The page at 'https://localhost/myLoc' was loaded over HTTPS, but displayed insecure content from 'http://localhost/myLoc/more/paths?t=1390397': this content should also be loaded over HTTPS..

Further I get this error also XMLHttpRequest cannot load http://localhost/myLoc/more/paths?t=1390397. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://localhost' is therefore not allowed access.

My nginx.conf file looks like this

server {
    server {
    listen       80;
    server_name  _;
   rewrite ^ https://$host$request_uri? permanent;
}

server {
    gzip  on;
    ssl     on;
    listen 443 ssl;

    server_name     *.mydomain.com;

    ssl_certificate /path/to/nginx/ssl/nginx.crt;
    ssl_certificate_key /path/to/nginx/ssl/nginx.key;

    location /myLoc {
            proxy_pass http://localhost:9001/myLoc;
            proxy_redirect off;
            proxy_buffering off;

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Please help. Do the Flask-SocketIO must also contain the paths to the certificate and key?

Neeleshkumar S
  • 746
  • 11
  • 19
  • Are you loading third party content such as jQuery? – dirn Nov 06 '14 at 15:24
  • How are you referencing your content? It looks like you may be explicitly fetching a resource at `http://localhost/myLoc/more/paths?t=1390397` when it should be relative (without the domain, e.g. `/myLoc/more/paths?t=1390397`) or protocol-relative (without the scheme, e.g. `//localhost/myLoc/more/paths?t=1390397`); ideally, this should be done using `url_for` instead of hard-coded. You also may need to set the `X-Forwaded-Proto` header in your location block and add the `ProxyFix` middleware per [this answer](https://stackoverflow.com/questions/23347387/x-forwarded-proto-and-flask). – jonafato Nov 06 '14 at 18:02
  • @dim: Yes dim, We are using JavaScript and jQuery – Neeleshkumar S Nov 11 '14 at 05:48

1 Answers1

0

Try this:

location /myLoc {
        proxy_pass https://localhost:9001/myLoc;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        add_header Access-Control-Allow-Origin *;
}

But HTTPS offload is prefer way, proxy_pass http:// directive is better, it helps Nginx to get response from backend as soon as possible and close connection. The only requirement is to have backend (which listens port 9901) serve HTTP.

Anatoly
  • 15,298
  • 5
  • 53
  • 77