Cardiak
February 18, 2018, 3:41pm
1
Hey. I have configured seafile with nginx and ssl. However when i send something to group discussion the resized profile picture is being served over http (causing that yellow warn sign on firefox)
(i have also hsts enabled)
the resized profile pic is code:<img src="http://mysite.fi/media/avatars/8/f/339334a43685335af09c8bd6f39671/resized/64/3f78460b3ea7cbe4430f8a2e611857e7.png" alt="" class="avatar-circle fleft" width="32">
just opening the mysite.fi/media/avatars/8/f/339334a43685335af09c8bd6f39671/resized/64/3f78460b3ea7cbe4430f8a2e611857e7.png displays the picture on https page
1 Like
Hi, can confirm this:
My nginx-config:
server {
listen 80;
server_name seafile.mydomain.com;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name seafile.mydomain.com
ssl on;
ssl_protocols TLSv1.2;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_dhparam /etc/ssl/dhparam.pem;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
ssl_stapling on;
ssl_stapling_verify on;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 1200s;
access_log /var/log/nginx/001-seafile.access.log;
error_log /var/log/nginx/001-seafile.error.log;
client_max_body_size 0;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
}
location /media {
root /home/seafile/seafile-server-latest/seahub;
access_log /var/log/nginx/001-seafile.access.log;
error_log /var/log/nginx/001-seafile.access.log;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8081;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
access_log /var/log/nginx/001-seafdav.access.log;
error_log /var/log/nginx/001-seafdav.error.log;
}
}
2 Likes
