Spreedme behind SSL Nginx proxy

Lox · August 16, 2016, 3:01am

Hello,

I run my Nextcloud install along with Spreedme in an LXD container. It serves Nextcloud and Spreedme over HTTP.
I then have Nginx forwarding HTTPS public connections to the container.

Client ---- HTTPS ----> Nginx on the server ---- HTTP ----> Nginx on the LXD container ---- HTTP ----> Spreedme

Everything works fine but when I launch the Spreedme app, I have an error that prevents it from running:

app.js:219 Mixed Content: The page at 'https://domain.com/nextcloud/apps/spreedme/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://domain.com/webrtc/ws'. This request has been blocked; this endpoint must be available over WSS.

How can I overcome that issue and force spreedme to serve over wss:// ?

EDIT 1: I activated HTTPS for spreedme with proper ssl certs, and of course I edited my NGINX config to proxy to https://127.0.0.1:8443, but I have the same issue.

Lox · August 16, 2016, 4:32am

I solved it by changing the configuration of the NGINX running in the LXD container:

proxy_set_header X-Forwarded-Proto https

Instead of:

proxy_set_header X-Forwarded-Proto $scheme

I don’t figure out what it isn’t passing thru from the client as the front NGINX config has proxy_set_header X-Forwarded-Proto $scheme too … But that works forcing it.

longsleep · August 16, 2016, 7:18am

The reason is that your second Nginx server gets accessed by http and thus the $scheme variable does say http. Your solution is the correct and only one.

Lox · August 17, 2016, 11:23pm

Thanks but isn’t it possible to pass along the X-Forwarded-Proto header to the second Nginx server ?

longsleep · August 19, 2016, 7:26am

Well it is passed along if you add it to the outer Nginx, you just have to pick it up again from the second Nginx (instead of using $scheme there).