Insecure Content when using https


#1

After installing reDash and configuring it to use SSL, I am getting mixed content warnings and app won’t render in Chome. I looked at the source for the login page and the base href is “http” rather than “https”. I am running reDash in AWS and the reDash instance is behind an elastic load balancer. I’m thinking I missed an obvious step in configuration. Might you have a suggestion to fix?

Thanks,
dmill


#2

How did you configure your proxy (Nginx?)? Did you configure it to pass a X-Forwarded-Proto header?

See reference nginx configuration in the docs.


#3

Yes, I used proxy_set_header X-Forwarded-Proto $scheme; However, since the redash EC2 instance is behind an Elastic Load Balancer and not talking to the ELB via https, I just commented out the proxy_set_header X-Forwarded-Proto $scheme; line under the default server (port 80) in the redash nginx config file and it works now!

Thanks,
dmil


#4

You can also use the following header:

 proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;

#5

Could be useful to mention it in the docs http://docs.redash.io/en/latest/misc/ssl.html
Or maybe add ssl conf example as an additional file in the nginx available (though not enabled) sites.