Comments (9)
Chrome however, thinks it knows better:
Ah, of course. My bad.
I've done this live on the running docker container and it seems to work (since my
APP_URL
starts withhttps://
).
The existing file actually looks backward to me... Surely production should be more likely to force https, not dev. I guess that's my bad too.
Also, imo Laravel is breaking things by adding a scheme it thinks is there - It should either force https or not send a scheme at all, which the browser will interpret as "same scheme" and (last I checked) was standards-compliant.
from lychee-docker.
This issue is closed, but is it fixed?
As stated in the last comment:
This will be available in
:dev
once it has rebuilt by settingTRUSTED_PROXIES
.
It is currently only fixed in the :dev
tag. It will be fixed in stable once a new Lychee version is released. You need to set TRUSTED_PROXIES
, which you have not.
from lychee-docker.
@d7415 Ah ok sorry... And thanks for the clarification 😅👍
from lychee-docker.
I think best practice is still to 301 http requests to http which sounds like it would solve (or at least work around) this particular issue.
More correctly, Lychee includes fideloper/proxy
which appears to be designed for this purpose and seems to use app/Http/Middleware/TrustProxies.php
for its configuration. @ildyria may or may not remember why 10.0.2.2
is trusted. That probably needs to a) not be hardcoded as trusted and b) pulled from the environment so that it can be configured easily in .env
or with Docker.
I'll see what those who are more familiar with Laravel have to say though.
from lychee-docker.
I think best practice is still to 301 http requests to http which sounds like it would solve (or at least work around) this particular issue.
You're right, and my nginx config does 301 http://
to https://
. Chrome however, thinks it knows better:
Mixed Content: The page at 'https://domain.tld/install' was loaded over HTTPS, but requested an insecure favicon 'http://domain.tld/installer/assets/img/favicon/favicon-96x96.png'. This request has been blocked; the content must be served over HTTPS.
There are multiple of this failure, one for each static asset.
I've done this live on the running docker container and it seems to work (since my APP_URL
starts with https://
).
from lychee-docker.
I have the following installation:
https in managed by the server + proxy queries via Apache to a VM which handle all the lychee part.
The 10.0.2.2 is probably a local ip that I am using to in this setting (and yes, it probably should be in .env
, just to lazy to do it: "nothing more permanent than a temporary solution").
from lychee-docker.
So that sounds pretty similar to what I have - https handled by nginx and reverse proxied to Lychee (in a Docker container).
I'm curious if you also observe insecure http://
requests being made by the browser though, even though the page is loaded over https://
? i.e, what I described in the initial issue.
Agreed that the particular proxy server IP should definitely not be hard coded.
from lychee-docker.
This will be available in :dev
once it has rebuilt by setting TRUSTED_PROXIES
.
from lychee-docker.
This issue is closed, but is it fixed? Still encountering the described problems. The installer looks like this for me at some point
(url: https://my.domain/install/env
):
With lots of Mixed Content errors in the console.
My `docker-compose.yml` file
version: '3'
services:
lychee_db:
container_name: db
env_file:
- environment.env
image: mariadb:10
networks:
- db-network
restart: always
volumes:
- /my/path/to/db/:/var/lib/mysql
- /my/path/to/logs/:/var/log/mysql
lychee:
image: lycheeorg/lychee
container_name: lychee
volumes:
- ./lychee/conf:/conf
- ./lychee/uploads:/uploads
- ./lychee/sym:/sym
networks:
- lychee
- db-network
- webproxy
env_file:
- environment.env
environment:
- VIRTUAL_HOST=my.domain
- LETSENCRYPT_HOST=my.domain
- PHP_TZ=UTC
- TIMEZONE=UTC
- APP_URL=https://my.domain
- DB_CONNECTION=mysql
- DB_HOST=lychee_db
- DB_PORT=3306
- DB_DATABASE=lychee
- DB_USERNAME=lychee
- STARTUP_DELAY=0
restart: unless-stopped
depends_on:
- lychee_db
networks:
lychee: {}
db-network: {}
webproxy:
external: true
webproxy
refers to the nginx reverse proxy.
from lychee-docker.
Related Issues (20)
- [Enhancement] Support Environment-Variable Configured Administrator Account
- Actions: Add results of "Test PR and Upload to Docker Hub" to "Checks" in PR
- The API documentation in the Lychee instance is inaccessible HOT 9
- Request for option to skip Set Permissions HOT 3
- app.js & app.css cannot be loaded HOT 2
- Lychee gallery not working anymore after recent update. HOT 8
- DB Error on upgrade HOT 4
- DB error since update HOT 5
- Document config parameters that are required for reverse HTTPS proxies HOT 1
- brand new site can't see images HOT 15
- Full source code in the docker image HOT 12
- Error 507 NoWriteAccessOnLogsExceptions HOT 10
- Running on subpath with nginx HOT 1
- Any uploaded or 'php artisisan lychee:sync /path/' image is blank and unviewable. HOT 4
- New environment variables not added to environment file HOT 1
- 404 docker-compose.yml on hub.docker.com HOT 1
- Photos won't show up in gallery HOT 4
- SQL Error
- Connection refused HOT 1
- 500 HttpException Attempt to read property "photo_id" on null HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lychee-docker.