Nginx and Jetty + https

tpenzkofer · December 21, 2023, 6:23pm

Dear all,

I have an apparently common problem with a slightly uncommon setup. I use xwiki+jetty behind an nginx proxy for ssl conversion. Unfortunately, this leads to the xmlhttprequest over http problem, as many of the commands are not converted to https

Mixed Content: The page at ‘https://xxx/xwiki/bin/view/Main/#edit’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://x/xwiki/bin/lock/Main/WebHome?ajax=1&action=edit&language=en’. This request has been blocked; the content must be served over HTTPS.

I tried changing the settings in xwiki.cfg to

xwiki.home=https://xxx:443/
xwiki.url.protocol=https

but to no avail. If I understand correctly, this is not an nginx issue, as the browser already blocks the http requests (and nginx doesn’t even get a chance to rewrite the requests to https)

Any thoughts on how to fix this, all pointers in the current documentation seem to have solutions for tomcat but not jetty

Thank you!

tpenzkofer · December 21, 2023, 7:11pm

Quick update, I exchanged nginx for apache reverse proxy and the error is gone. I’d rather use nginx, any idea how to make this work?

These are the config files for apache:

<VirtualHost *:443>
    ServerName      "xxx"
    SSLEngine on

    SSLCertificateKeyFile xxx.privateKey.pem
    SSLCertificateFile xxx.chain.pem

    <IfModule mod_proxy.c>
        ProxyRequests Off
        <Proxy *>
            Require all granted
        </Proxy>

        ProxyPass /xwiki http://localhost:8080/xwiki
        ProxyPassReverse /xwiki http://localhost:8080/xwiki
    </IfModule>

</VirtualHost>

and nginx:

server {
    listen      80;
    server_name xxx;
    location ~ /.well-known {
        allow all;
    }
    rewrite     ^   https://$server_name$request_uri? permanent;
}

server {
  listen 443 ssl http2 default_server;

  ssl_certificate xxx.chain.pem;
  ssl_certificate_key xxx.privateKey.pem;

  server_name _;

  client_max_body_size 100M;

  access_log /var/log/nginx/xwiki-access.log;
  error_log /var/log/nginx/xwiki-error.log;

  location = / {
    return 301 https://$host/xwiki;
  }

  location /xwiki {
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   Host      $host;
    proxy_http_version 1.1;
    proxy_set_header   Upgrade $http_upgrade;
    proxy_set_header   Connection 'upgrade';
    proxy_cache_bypass $http_upgrade;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Scheme $scheme;
    proxy_redirect off;
    proxy_pass         http://127.0.0.1:8080/xwiki;
  }
}