[SOLVED] Squidex login popup always using https

Mohamed_Baig · July 5, 2021, 7:19pm

I have…

[X] Checked the logs and have uploaded a log file and provided a link because I found something suspicious there. Please do not post the log file in the topic because very often something important is missing.

The logs don’t show anything out of the ordinary.

I’m submitting a…

[X] Regression (a behavior that stopped working in a new release)
[ ] Bug report
[ ] Performance issue
[ ] Documentation issue or request

Current behavior

Previously when using version 5.7.1 I set the URL to always be HTTP. My current environment is such that I cannot use SSL. The login popup always followed the protocol I specified for the instance URL. When upgrading to 5.8.0, the behaviour changed to what is happening now which is the login popup always uses HTTPS. Which always results in an error since I don’t have an SSL certification at all.

Expected behavior

The login popup should use HTTP when the URL specifies only HTTP as the protocol.

Minimal reproduction of the problem

Environment

[X] Self hosted with docker
[ ] Self hosted with IIS
[ ] Self hosted with other version
[ ] Cloud version

Version: 5.8.0

Browser:

[X] Chrome (desktop)
[ ] Chrome (Android)
[ ] Chrome (iOS)
[X] Firefox
[ ] Safari (desktop)
[ ] Safari (iOS)
[ ] IE
[ ] Edge

Others:
Environment:

      - URLS__BASEURL=http://${SQUIDEX_DOMAIN}:5000
      - URLS__ENFORCEHTTPS=false
      - EVENTSTORE__TYPE=MongoDB
      - EVENTSTORE__MONGODB__CONFIGURATION=mongodb://squidex_mongo
      - STORE__MONGODB__CONFIGURATION=mongodb://squidex_mongo
      - IDENTITY__ADMINEMAIL=${SQUIDEX_ADMINEMAIL}
      - IDENTITY__ADMINPASSWORD=${SQUIDEX_ADMINPASSWORD}
      - IDENTITY__GOOGLECLIENT=${SQUIDEX_GOOGLECLIENT}
      - IDENTITY__GOOGLESECRET=${SQUIDEX_GOOGLESECRET}
      - IDENTITY__GITHUBCLIENT=${SQUIDEX_GITHUBCLIENT}
      - IDENTITY__GITHUBSECRET=${SQUIDEX_GITHUBSECRET}
      - IDENTITY__MICROSOFTCLIENT=${SQUIDEX_MICROSOFTCLIENT}
      - IDENTITY__MICROSOFTSECRET=${SQUIDEX_MICROSOFTSECRET}
      - ASPNETCORE_URLS=http://*:5000

Sebastian · July 5, 2021, 7:30pm

Technically it is a bug, but I am not going to fix it, because you cannot login to Squidex using Chrome without https.

And certificates are free today anyway. if you want to have it fixed you have to provide a PR for tht.

Mohamed_Baig · July 5, 2021, 8:08pm

Thank you for the quick response.

The current infrastructure setup does not give us direct access to the Apache server. Setting up the letsencrypt is not possible from our side.

Considering this bug is introduced between feature point releases, shouldn’t this be something that needs to be fixed? Where something like this can be enabled and mandatory in version 6.0?

Sebastian · July 6, 2021, 6:17am

But how do you login with squidex? I think around march last year Chrome started to enforce some https rules. Since then it is not possible to login to Squidex anymore using chrome.

Usually yes, but my time is also limited and Squidex is not a paid product, so I have to make decisions like these.

Mohamed_Baig · July 6, 2021, 3:38pm

We are using Firefox to work with Squidex. So the HTTPS wasn’t an issue on this self hosted instance

Sebastian · July 6, 2021, 5:22pm

I see, but it is only a matter of time when firefox enforces the same rules.

Mohamed_Baig · July 7, 2021, 11:06pm

Just wanted to circle back on how I managed to get it working on this restricted client infra.

I am using the default docker-compose.yalm file with Caddy as the reverse proxy. I had to create custom Caddyfile and mount volume in the compose file that points to that Caddyfile.

Compose file snippet:

...
  squidex_proxy:
    image: squidex/caddy-proxy
    ports:
      - "5000:443"
    environment:
      - SITE_SERVER="squidex_squidex:5000"
    volumes:
      - ./squidex/caddy/data:/data
      - ./squidex/caddy/config:/config
      - ./squidex/Caddyfile:/etc/caddy/Caddyfile
    depends_on:
      - squidex_squidex
    networks:
      - internal
    restart: unless-stopped
...

Caddyfile:

# I added general options
{
	# General Options
	debug

	local_certs
}

${SQUIDEX_DOMAIN} {
	reverse_proxy {$SITE_SERVER}
}

With this, and port 5000 allowed through the firewall, I was able to setup the instance with self signed certificate.

Thanks for the help

Sebastian · July 8, 2021, 6:28am

system · July 11, 2021, 6:42pm

This topic was automatically closed after 2 days. New replies are no longer allowed.