[SOLVED] Not able to run Squidex via SSL

Gaulomatic · December 6, 2018, 1:38pm

I am not able to run it via SSL. Configuration:

Docker on macOS
nginx already running and configured with valid SSL certificates

When I simply clone the docker repo, disable my nginx, configure password etc and fire it up: Nothing, really nothing works. Not using the embedded nginx and switching over to mine, does work most of the times - when not using SSL (SQUIDEX_PROTOCOL=http, SQUIDEX_FORCE_HTTPS=False). Switching to SQUIDEX_PROTOCOL=https does somewhat work, but not really, because Identity Server is returning the wrong URLs with http scheme in /identity-server/.well-known/openid-configuration. So auth does not really work. When I then force SSL (SQUIDEX_FORCE_HTTPS=True) everything falls apart, because the browser gets too many redirects.

What can I do? I am clueless on what to try out next.

Sebastian · December 6, 2018, 2:02pm

Hi @Gaulomatic

Are you using the docker-compose file? I guess so

Some ideas:

Nginx should forward the original http protocol with the X-ForwardedProto header, so that Squidex knows that it is running under https even though it only gets http requests.
The URLS__BASEURL configuration variable should contains the public URL (with https if you are using http). Can you verify that it is correct? Squidex logs all configuration settings in the first log line.

Gaulomatic · December 6, 2018, 2:30pm

Hi @Sebastian,

thanks you for your reply. I added X-ForwardedProto to the nginx config, now Identity Server returns the correct scheme and auth is working. I then got antother error but I was able to get to bottom of it. The publicly reachable domain is only IPv6 reachable and docker is using v4, so this went into nirvanah. Solving this was simple, and everything runs very fine now.

So essentially I was only missing the X-ForwardedProto header, thank you for this hint. I was trying since yesterday because I find the UI exceptionally end-user friendy, which is a big concern in this particular case.

Sebastian · December 6, 2018, 2:54pm

Thank you for your nice words and I am happy that you solved it

pawankumarbh · January 21, 2020, 5:04am

can you let me know how to set X-ForwardedProto to the nginx config

aziz-sadykov · August 21, 2020, 11:37am

location / {
proxy_pass http://changeIt;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;