Reverse proxy Caddy->Nginx mixed content

I want to reverse proxy a Caddy host to an Nginx running on port 80 (HTTP). This should only be the internal traffic. The client requests in HTTPS but caddy should communicate with Nginx via HTTP.

The problem is that right now I am getting a “Mixed Content” error:

Mixed Content: The page at 'https://thesite.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://thesite.com'. This request has been blocked; the content must be served over HTTPS.

I think there should be a way to solve this but I am not clear about what whay is the best. I know that running the Nginx with HTTPS via a self-signed cretificate would do the thing, but I want to avoid setting a self-signed certificate on Nginx if possible.

My current caddyfile:

(genericheaders) {
        header {
                Strict-Transport-Security "max-age=31536000; includesubdomains; preload"
        }
}

thesite.com {
        import genericheaders
        encode zstd gzip
        reverse_proxy nginx:80
}

Thank you!

Your HTML content should not use absolute URLs with http://example.com in them, i.e. remove the scheme and domain. They should just be a path. That way, the scheme and domain will be inherited from the current request.

To clarify, this is the browser complaining about the HTML, it doesn’t have to do with Caddy at all.

1 Like

Hi, thank you for your reply. I am running Drupal behind that nginx and I don’t know if this is possible as the URLs are generated in Drupal.

You should be able to configure Drupal to recognize that it’s being served behind HTTPS. Caddy passes through X-Forwarded-Proto: https which it can use to be aware. Look at Drupal docs about this.

2 Likes

Thank you. I was able to solve it by adding the following two lines to Drupal’s settings.php file:

$settings['reverse_proxy'] = TRUE;
$settings['reverse_proxy_addresses'] = [@$_SERVER['REMOTE_ADDR']];
2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.