Madsonic+nginx+https = broken buttons
-
- Contributor
- Posts: 21
- Joined: 15 Jun 2016, 08:24
- Has thanked: 0
- Been thanked: 6 times
Madsonic+nginx+https = broken buttons
If you place Madsonic as HTTP backend for nginx with HTTPS frontend you get broken button "Settings" in the left tab. But "Profile" has no problem.
This bug came from Subsonic.
Chrome DevConsole:
Mixed Content: The page at 'https:...' was loaded over HTTPS, but requested an insecure resource 'http:...'. This request has been blocked; the content must be served over HTTPS.
This bug came from Subsonic.
Chrome DevConsole:
Mixed Content: The page at 'https:...' was loaded over HTTPS, but requested an insecure resource 'http:...'. This request has been blocked; the content must be served over HTTPS.
Last edited by StalkerNOVA on 16 Jun 2016, 00:58, edited 1 time in total.
-
- Contributor
- Posts: 21
- Joined: 15 Jun 2016, 08:24
- Has thanked: 0
- Been thanked: 6 times
- Madsonic
- Administrator
- Posts: 984
- Joined: 07 Dec 2012, 03:58
- Has thanked: 1201 times
- Been thanked: 470 times
Re: Madsonic+nginx+https = broken buttons
Hi there,
i setup a example enviroment as follow:
*) install Madsonic server with default settings
*) install or update nginx
*) create selfsign cert
*) edit nginx config
*) replace nginx config
*) restart services
*) try to access Madsonic local
*) try to access Madsonic over nginx
Hope this help you to check your config!
PS: i send you a PM with a newer Madsonic build with several bug fixes.
Best regards
i setup a example enviroment as follow:
*) install Madsonic server with default settings
*) install or update nginx
*) create selfsign cert
Code: Select all
cd /etc/nginx
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt
Code: Select all
sudo nano /etc/nginx/sites-enabled/default
Code: Select all
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name localhost; # Replace localhost with your.domain.com
ssl_certificate /etc/nginx/cert.crt;
ssl_certificate_key /etc/nginx/cert.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/madsonic.access.log;
error_log /var/log/nginx/madsonic.error.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://localhost:4040;
proxy_redirect http:// https://;
proxy_read_timeout 90;
}
}
Code: Select all
sudo service madsonic restart
sudo service nginx restart
Code: Select all
http://localhost:4040
Code: Select all
http://localhost
PS: i send you a PM with a newer Madsonic build with several bug fixes.
Best regards
-
- Contributor
- Posts: 21
- Joined: 15 Jun 2016, 08:24
- Has thanked: 0
- Been thanked: 6 times
Re: Madsonic+nginx+https = broken buttons
Steps to reproduce:
May be it would not be a problem without option for nginx (but it's the best practice if you don't ban frames completely):
- disable redirect from 80 to 443
- allow proxy from 80 to madsonic 4040
- open madsonic with admin user
- right click at settings and open in new tab
- For short time link https /settings.view will be opened
- Instantly you'll be redirected to http /adminSettings.view
May be it would not be a problem without option for nginx (but it's the best practice if you don't ban frames completely):
Code: Select all
add_header X-Frame-Options SAMEORIGIN;
-
- Contributor
- Posts: 21
- Joined: 15 Jun 2016, 08:24
- Has thanked: 0
- Been thanked: 6 times
Re: Madsonic+nginx+https = broken buttons
There are lots of links directly to http... They got visible if you make separate logs for http and https at nginx...
Making Madsonic https behind nginx isn't a good idea because https overhead gets even bigger (Madsonic encode traffic to https, nginx decode it and encode it again to transfer to end user).
At 80 and 443 ports I've many other services so can't dedicate them to Madsonic directly. Other ports are not always available from corporate networks.
Making Madsonic https behind nginx isn't a good idea because https overhead gets even bigger (Madsonic encode traffic to https, nginx decode it and encode it again to transfer to end user).
At 80 and 443 ports I've many other services so can't dedicate them to Madsonic directly. Other ports are not always available from corporate networks.
-
- Posts: 2
- Joined: 11 Oct 2016, 20:40
- Has thanked: 0
- Been thanked: 1 time
Re: Madsonic+nginx+https = broken buttons
I've also been bitten by this issue. The workaround for Nginx (using proxy_redirect) doesn't work for me since I use Caddy server to reverse proxy to Madsonic, and it doesn't have an equivalent method to rewrite the Location header going back to the client. I'd hate to have to migrate back to Nginx or Apache just because of this, so a bug fix would be really appreciated.
Looks like Subsonic also has this problem and it even has an outstanding patch to fix it, maybe that could come in handy? (Patch #23 on Sourceforce, sorry I can't link it).
Looks like Subsonic also has this problem and it even has an outstanding patch to fix it, maybe that could come in handy? (Patch #23 on Sourceforce, sorry I can't link it).
- These users thanked the author PurellAdvanced for the post:
- Madsonic
- Rating: 7.69%
- Madsonic
- Administrator
- Posts: 984
- Joined: 07 Dec 2012, 03:58
- Has thanked: 1201 times
- Been thanked: 470 times
-
- Posts: 2
- Joined: 11 Oct 2016, 20:40
- Has thanked: 0
- Been thanked: 1 time
-
- Contributor
- Posts: 21
- Joined: 15 Jun 2016, 08:24
- Has thanked: 0
- Been thanked: 6 times
Re: Madsonic+nginx+https = broken buttons
BTW "Settings" button do not work. "Userprofile" has no problem.
When you rate smth stars do not show new rating until you refresh page (or go somewhere else and than return back to the page).
When you rate smth stars do not show new rating until you refresh page (or go somewhere else and than return back to the page).