Ryfujk

How to name indistinguishable henchmen in a screenplay?

New Order #6: Easter Egg

As a dual citizen, my US passport will expire one day after traveling to the US. Will this work?

Inverse square law not accurate for non-point masses?

Should man-made satellites feature an intelligent inverted "cow catcher"?

Do i imagine the linear (straight line) homotopy in a correct way?

What is "Lambda" in Heston's original paper on stochastic volatility models?

Vertical ranges of Column Plots in 12

How does TikZ render an arc?

How to infer difference of population proportion between two groups when proportion is small?

How to make an animal which can only breed for a certain number of generations?

How do I say "this must not happen"?

3D Masyu - A Die

Does the Rock Gnome trait Artificer's Lore apply when you aren't proficient in History?

Besides transaction validation, are there any other uses of the Script language in Bitcoin

By what mechanism was the 2017 UK General Election called?

Google .dev domain strangely redirects to https

Why not use the yoke to control yaw, as well as pitch and roll?

Did John Wesley plagiarize Matthew Henry...?

Did pre-Columbian Americans know the spherical shape of the Earth?

Why are two-digit numbers in Jonathan Swift's "Gulliver's Travels" (1726) written in "German style"?

Why complex landing gears are used instead of simple, reliable and light weight muscle wire or shape memory alloys?

Pointing to problems without suggesting solutions

How do I find my Spellcasting Ability for my D&D character?

Mixed content http https and haproxy

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}

0

I have a problem with haproxy and mixed content. When I try to connect through haproxy ssl, the browser (in this case either Firefox or Chrome), in default configuration, blocks the mixed content - in this case the http connections. This does not happen when I try to connect without the haproxy.

What could cause this?

For reference:

I have installed haproxy version 1.5.11

haproxy -v
HA-Proxy version 1.5.11 2015/01/31
Copyright 2000-2015 Willy Tarreau

with this configuration:

global



log         127.0.0.1 local2



chroot      /var/lib/haproxy

pidfile     /var/run/haproxy.pid

maxconn     4000

user        haproxy

group       haproxy

stats timeout 30s

debug

daemon



# turn on stats unix socket

stats socket /var/lib/haproxy/admin.sock mode 660 level admin



# Default SSL material locations

ca-base /etc/ssl/certs

crt-base /etc/ssl/private



# Default ciphers to use on SSL-enabled listening sockets.

# For more information, see ciphers(1SSL).



ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4

    SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL



defaults



log     global

mode    http

option  httplog

option  dontlognull

timeout connect 5000

timeout client  50000

timeout server  50000





frontend  webphp53_http



bind *:80

bind *:443 ssl crt /etc/ssl/private/cert.pem

    mode http

default_backend webphp53_servers



backend webphp53_servers



mode http

    balance roundrobin

    option forwardfor

    http-request set-header X-Forwarded-Port %[dst_port]

    http-request add-header X-Forwarded-Proto https if { ssl_fc }

option httpchk HEAD / HTTP/1.1rnHost:localhost

server php53_node1 192.168.127.67:80 check

server php53_node2 192.168.127.68:80 check

haproxy

share|improve this question

edited Feb 12 '15 at 16:07

BE77Y

2,36031422

asked Feb 12 '15 at 14:40

user1439861user1439861

42

bumped to the homepage by Community♦ 17 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  possible duplicate of How to solve nginx reverse proxy mixed content(http, https) (the backend setup is not relevant to the question).
  
  – AD7six
  Feb 12 '15 at 16:12
  
  
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  This has (almost) nothing to do with your backend setup. The problem is you are loading a html page over https which references resources with http i.e. <script src="http://whatever...">.
  
  – AD7six
  Feb 12 '15 at 16:13
  
  
  

  
  
  
  

add a comment | 

0

I have a problem with haproxy and mixed content. When I try to connect through haproxy ssl, the browser (in this case either Firefox or Chrome), in default configuration, blocks the mixed content - in this case the http connections. This does not happen when I try to connect without the haproxy.

What could cause this?

For reference:

I have installed haproxy version 1.5.11

haproxy -v
HA-Proxy version 1.5.11 2015/01/31
Copyright 2000-2015 Willy Tarreau

with this configuration:

global



log         127.0.0.1 local2



chroot      /var/lib/haproxy

pidfile     /var/run/haproxy.pid

maxconn     4000

user        haproxy

group       haproxy

stats timeout 30s

debug

daemon



# turn on stats unix socket

stats socket /var/lib/haproxy/admin.sock mode 660 level admin



# Default SSL material locations

ca-base /etc/ssl/certs

crt-base /etc/ssl/private



# Default ciphers to use on SSL-enabled listening sockets.

# For more information, see ciphers(1SSL).



ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4

    SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL



defaults



log     global

mode    http

option  httplog

option  dontlognull

timeout connect 5000

timeout client  50000

timeout server  50000





frontend  webphp53_http



bind *:80

bind *:443 ssl crt /etc/ssl/private/cert.pem

    mode http

default_backend webphp53_servers



backend webphp53_servers



mode http

    balance roundrobin

    option forwardfor

    http-request set-header X-Forwarded-Port %[dst_port]

    http-request add-header X-Forwarded-Proto https if { ssl_fc }

option httpchk HEAD / HTTP/1.1rnHost:localhost

server php53_node1 192.168.127.67:80 check

server php53_node2 192.168.127.68:80 check

haproxy

share|improve this question

edited Feb 12 '15 at 16:07

BE77Y

2,36031422

asked Feb 12 '15 at 14:40

user1439861user1439861

42

bumped to the homepage by Community♦ 17 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  possible duplicate of How to solve nginx reverse proxy mixed content(http, https) (the backend setup is not relevant to the question).
  
  – AD7six
  Feb 12 '15 at 16:12
  
  
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  This has (almost) nothing to do with your backend setup. The problem is you are loading a html page over https which references resources with http i.e. <script src="http://whatever...">.
  
  – AD7six
  Feb 12 '15 at 16:13
  
  
  

  
  
  
  

add a comment | 

I have a problem with haproxy and mixed content. When I try to connect through haproxy ssl, the browser (in this case either Firefox or Chrome), in default configuration, blocks the mixed content - in this case the http connections. This does not happen when I try to connect without the haproxy.

What could cause this?

For reference:

I have installed haproxy version 1.5.11

haproxy -v
HA-Proxy version 1.5.11 2015/01/31
Copyright 2000-2015 Willy Tarreau

with this configuration:

global



log         127.0.0.1 local2



chroot      /var/lib/haproxy

pidfile     /var/run/haproxy.pid

maxconn     4000

user        haproxy

group       haproxy

stats timeout 30s

debug

daemon



# turn on stats unix socket

stats socket /var/lib/haproxy/admin.sock mode 660 level admin



# Default SSL material locations

ca-base /etc/ssl/certs

crt-base /etc/ssl/private



# Default ciphers to use on SSL-enabled listening sockets.

# For more information, see ciphers(1SSL).



ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4

    SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL



defaults



log     global

mode    http

option  httplog

option  dontlognull

timeout connect 5000

timeout client  50000

timeout server  50000





frontend  webphp53_http



bind *:80

bind *:443 ssl crt /etc/ssl/private/cert.pem

    mode http

default_backend webphp53_servers



backend webphp53_servers



mode http

    balance roundrobin

    option forwardfor

    http-request set-header X-Forwarded-Port %[dst_port]

    http-request add-header X-Forwarded-Proto https if { ssl_fc }

option httpchk HEAD / HTTP/1.1rnHost:localhost

server php53_node1 192.168.127.67:80 check

server php53_node2 192.168.127.68:80 check

haproxy

share|improve this question

edited Feb 12 '15 at 16:07

BE77Y

2,36031422

asked Feb 12 '15 at 14:40

user1439861user1439861

42

global



log         127.0.0.1 local2



chroot      /var/lib/haproxy

pidfile     /var/run/haproxy.pid

maxconn     4000

user        haproxy

group       haproxy

stats timeout 30s

debug

daemon



# turn on stats unix socket

stats socket /var/lib/haproxy/admin.sock mode 660 level admin



# Default SSL material locations

ca-base /etc/ssl/certs

crt-base /etc/ssl/private



# Default ciphers to use on SSL-enabled listening sockets.

# For more information, see ciphers(1SSL).



ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4

    SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL



defaults



log     global

mode    http

option  httplog

option  dontlognull

timeout connect 5000

timeout client  50000

timeout server  50000





frontend  webphp53_http



bind *:80

bind *:443 ssl crt /etc/ssl/private/cert.pem

    mode http

default_backend webphp53_servers



backend webphp53_servers



mode http

    balance roundrobin

    option forwardfor

    http-request set-header X-Forwarded-Port %[dst_port]

    http-request add-header X-Forwarded-Proto https if { ssl_fc }

option httpchk HEAD / HTTP/1.1rnHost:localhost

server php53_node1 192.168.127.67:80 check

server php53_node2 192.168.127.68:80 check

share|improve this question

edited Feb 12 '15 at 16:07

BE77Y

2,36031422

asked Feb 12 '15 at 14:40

user1439861user1439861

42

share|improve this question

edited Feb 12 '15 at 16:07

BE77Y

2,36031422

asked Feb 12 '15 at 14:40

user1439861user1439861

42

edited Feb 12 '15 at 16:07

BE77Y

2,36031422

edited Feb 12 '15 at 16:07

BE77Y

2,36031422

asked Feb 12 '15 at 14:40

user1439861user1439861

42

asked Feb 12 '15 at 14:40

user1439861user1439861

42

2 Answers
2

active

oldest

votes

0

Mixed content is blocked outright if the domains are different. Make sure that when you switch to using the load balancer, the mixed content in the page is using the same server name.

share|improve this answer

answered Feb 12 '15 at 15:11

longnecklongneck

20.9k24075

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Yes, the mixed content is in the same server. When I try to connect without the haproxy the browser alert of the mixed content but no block the content.
  
  – user1439861
  Feb 12 '15 at 15:28
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I have observed that only blocks javascript and css content.
  
  – user1439861
  Feb 12 '15 at 15:42
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  It's not if the domains are different - it's if the protocol is not https for a https main-request.
  
  – AD7six
  Feb 12 '15 at 16:14
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  This is because of the CORS specification - it is a separate issue from mixed content.
  
  – James Shewey
  Sep 23 '17 at 4:44
  

  
  
  
  

add a comment | 

0

I have found that the problem only occurs when you use a CMS like Drupal and Wordpress, I found the solution force both to use https, in the case of Drupal editing sites/default/settings.php uncomment the line:

$base_url = 'https://domain_name_blablabla';

In the case of Wordpress it's necessary to install Wordpress HTTPS (SSL) plugin https://wordpress.org/plugins/wordpress-https/

share|improve this answer

answered Feb 23 '15 at 9:46

user1439861user1439861

42

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f667115%2fmixed-content-http-https-and-haproxy%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

Mixed content is blocked outright if the domains are different. Make sure that when you switch to using the load balancer, the mixed content in the page is using the same server name.

share|improve this answer

answered Feb 12 '15 at 15:11

longnecklongneck

20.9k24075

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Yes, the mixed content is in the same server. When I try to connect without the haproxy the browser alert of the mixed content but no block the content.
  
  – user1439861
  Feb 12 '15 at 15:28
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I have observed that only blocks javascript and css content.
  
  – user1439861
  Feb 12 '15 at 15:42
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  It's not if the domains are different - it's if the protocol is not https for a https main-request.
  
  – AD7six
  Feb 12 '15 at 16:14
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  This is because of the CORS specification - it is a separate issue from mixed content.
  
  – James Shewey
  Sep 23 '17 at 4:44
  

  
  
  
  

add a comment | 

0

Mixed content is blocked outright if the domains are different. Make sure that when you switch to using the load balancer, the mixed content in the page is using the same server name.

share|improve this answer

answered Feb 12 '15 at 15:11

longnecklongneck

20.9k24075

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Yes, the mixed content is in the same server. When I try to connect without the haproxy the browser alert of the mixed content but no block the content.
  
  – user1439861
  Feb 12 '15 at 15:28
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I have observed that only blocks javascript and css content.
  
  – user1439861
  Feb 12 '15 at 15:42
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  It's not if the domains are different - it's if the protocol is not https for a https main-request.
  
  – AD7six
  Feb 12 '15 at 16:14
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  This is because of the CORS specification - it is a separate issue from mixed content.
  
  – James Shewey
  Sep 23 '17 at 4:44
  

  
  
  
  

add a comment | 

Mixed content is blocked outright if the domains are different. Make sure that when you switch to using the load balancer, the mixed content in the page is using the same server name.

share|improve this answer

answered Feb 12 '15 at 15:11

longnecklongneck

20.9k24075

share|improve this answer

answered Feb 12 '15 at 15:11

longnecklongneck

20.9k24075

answered Feb 12 '15 at 15:11

longnecklongneck

20.9k24075

answered Feb 12 '15 at 15:11

longnecklongneck

20.9k24075

0

I have found that the problem only occurs when you use a CMS like Drupal and Wordpress, I found the solution force both to use https, in the case of Drupal editing sites/default/settings.php uncomment the line:

$base_url = 'https://domain_name_blablabla';

In the case of Wordpress it's necessary to install Wordpress HTTPS (SSL) plugin https://wordpress.org/plugins/wordpress-https/

share|improve this answer

answered Feb 23 '15 at 9:46

user1439861user1439861

42

add a comment | 

0

I have found that the problem only occurs when you use a CMS like Drupal and Wordpress, I found the solution force both to use https, in the case of Drupal editing sites/default/settings.php uncomment the line:

$base_url = 'https://domain_name_blablabla';

In the case of Wordpress it's necessary to install Wordpress HTTPS (SSL) plugin https://wordpress.org/plugins/wordpress-https/

share|improve this answer

answered Feb 23 '15 at 9:46

user1439861user1439861

42

add a comment | 

I have found that the problem only occurs when you use a CMS like Drupal and Wordpress, I found the solution force both to use https, in the case of Drupal editing sites/default/settings.php uncomment the line:

$base_url = 'https://domain_name_blablabla';

In the case of Wordpress it's necessary to install Wordpress HTTPS (SSL) plugin https://wordpress.org/plugins/wordpress-https/

share|improve this answer

answered Feb 23 '15 at 9:46

user1439861user1439861

42

share|improve this answer

answered Feb 23 '15 at 9:46

user1439861user1439861

42

answered Feb 23 '15 at 9:46

user1439861user1439861

42

answered Feb 23 '15 at 9:46

user1439861user1439861

42