Hello,
I've moved this to the forums from the
bugtracker id 8864
I am running LimeSurvey 2.05+ under Apache2 running behind an nginx reverse proxy. The latest issue that has come up can be seen from the Google Chrome Development Console output:
[blocked] The page at '
my.site.com/limesurvey/index.php/admin/globalsettings
' was loaded over HTTPS, but ran insecure content from '
my.site.com/limesurvey/tmp/assets/b0284c...ss/bootstrap.min.css
': this content should also be loaded over HTTPS.
Is there a way to tell LimeSurvey to use use protocol relative urls when referencing scripts? e.g. start with "//" instead of "http(s)
/" ?
I'm using a common setup where nginx terminates the SSL connection and proxies via port 80 http upstream to apache2/LimeSurvey.
There might be a clue in function application/helpers/common_helper.php: enforceSSLMode()
$bSSLActive = ((!empty($_SERVER 'HTTPS') && $_SERVER 'HTTPS' != "off")||
(isset($_SERVER 'HTTP_FORWARDED_PROTO') && $_SERVER 'HTTP_FORWARDED_PROTO'=="https")||
(isset($_SERVER 'HTTP_X_FORWARDED_PROTO' ) && $_SERVER 'HTTP_X_FORWARDED_PROTO'=="https"));
So possibly I need to set HTTP_X_FORWARDED_PROTO to 'https' ?
nginx rewrites incoming http to http:
server {
server_name *.mysite.com mysite.com;
listen 80;
listen [::]:80 ipv6only=on;
## redirect all incoming http to https ##
rewrite ^ https://$host$request_uri permanent;
}
nginx listens for https on port 443 in the proxy config file:
location @limesurvey {
proxy_pass http://$service;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Host $server_name;
}
I'm using the default setting from config-defaults.php: $config 'force_ssl' = ''
Thanks for any tips!