Author Topic: Mixed Content Errors with SSL Termination via nginx to Varnish cache  (Read 6048 times)

Offline jeremy

  • Newbie
  • *
  • Posts: 2
  • Karma: +1/-0
    • View Profile
Dearest friends,

I love Abantecart. I have successfully implemented it with SSL about half a dozen times and clients have always thanked me. It is fantastic!

That said, recently I have run into problems when adding Varnish to the stack. Varnish is fine with HTTP, but it requires SSL termination to use HTTPS. I have successfully implemented with with other sites by using nginx to receive the https traffic, which is then redirected to Varnish on port 80 to serve up a cached version, just like it does over HTTP.

My problem appears to be that various src= attributes are not being updated, despite config_ssl being set to "on" or "1" or "true". When the page loads (https:  //kulturedkitsch.info), it delivers an abundance of Mixed Content errors and does not load even the CSS without me accepting the risk (in Chrome). I began to explore /core/init.php and found some relevant lines around 367, which ostensibly would be setting the store url to HTTPS, though the assets still fail to load and the <base href=""> is still in HTTP. Naturally, I played around with this a little, but to no avail: made it set the variable to SSL unconditionally, it did not resolve the mixed content.

I then changed the config_url (which is intended to be HTTP only) to the HTTPS address. Nothing happened.

While I am using varnish cache, I have it simply load-balancing right now (no caching).

Altogether, I am somewhat lost by this debugging and have little desire to interfere with AbanteCart's core files (which will be broken again upon updating). Instead, I am hoping that someone here has some insight into this problem.

Thank you for your insight!
~Jeremy


Offline eCommerce Core

  • Administrator
  • Hero Member
  • *****
  • Posts: 1602
  • Karma: +93/-1
    • View Profile
Re: Mixed Content Errors with SSL Termination via nginx to Varnish cache
« Reply #1 on: January 29, 2016, 07:53:54 AM »
I think there is something misconfigured on your site. If I access it with https it is broken.

What version of AbanteCart do you use?
Did you put any HTML code in the template. Is it possible that this code has http src in there?
“If you’re in the luckiest one per cent of humanity, you owe it to the rest of humanity to think about the other 99 per cent.”
― Warren Buffett

Offline abolabo

  • core-developer
  • Administrator
  • Hero Member
  • *****
  • Posts: 2068
  • Karma: +327/-13
  • web for all, all for web!
    • View Profile
    • AbanteCart
Re: Mixed Content Errors with SSL Termination via nginx to Varnish cache
« Reply #2 on: January 29, 2016, 08:53:05 AM »
since v.1.2.0 Abantecart have two settings for URL? for http and https. Plus you should to turn SSL setting on in system->settings->system.

Regarding varnish, css, images etc.. try to check is mod_expire enabled on your apache web-server. Also we can recommend to check your site via https://developers.google.com/speed/pagespeed/insights/ to define what you can do on server-side.
“No one is useless in this world who lightens the burdens of another.”
― Charles Dickens

Offline jeremy

  • Newbie
  • *
  • Posts: 2
  • Karma: +1/-0
    • View Profile
Re: Mixed Content Errors with SSL Termination via nginx to Varnish cache
« Reply #3 on: January 29, 2016, 10:56:24 PM »
I have now performed a complete system reinstallation using the instructions available on this forum. While the installation was a success, it did not resolve my HTTPS problems.

It is odd to me that the site has not switched to HTTPS since I have had other sites use AbanteCart's SSL feature successfully. I have noticed that it appears that only a series of image files are not being loaded (though it certainly looks as if it's missing css), though the navigation links are written in http;// and therefore not functioning properly.

@eCommerce Core:
My version is the latest, 1.2.5.
I think you're brilliant of your observation of contained HTML. I think this may explain some discrpencies between http and https, though it does not account for the css break.

@abolabo
I checked where you talked about, indeed in fact the whole options, though I cannot find another options related to SSL/TLS.
Thank you for the recommendation for Google Pagespeed. I love and use it, along with the ModPagespeed to tidy up with minification, concatenating, and caching, though it is presently turned "unplugged" so there seem to be lots of improvements.

My best hypothesis at the moment is that since some of the content is served via Varnish on port 80, it is detecting this (or, based on the code, failing to be excepted) as HTTP. In turn, some things are being built with the HTTP links. My only issue with this theory is that manually setting the HTTPS variables do no elicit the appropriate response.

Thank you for your continued efforts!

 

Powered by SMFPacks Social Login Mod