I have my Grocy now on ubuntu18.04/nginx running on http/80 default-vhost.
It's locally available on http://grocy.mydomain.lan or http://192.168.1.105 or http://sub.mydomain.local and it works.
I do my SSL Termination with HAproxy on https://grocy.mydomain.tld. LETS Certificate with an ALT is already created and working. Grocy is shown.
But now it looks broken. All links are available like "http://grocy.mydomain.tld/node_modules/bootstrap/dist/css/bootstrap.min.css?v=1.18.1" rel="stylesheet">
Blocked loading mixed active content <-- or something like this.
Is it possible to have relative paths to use both, http for internal use and https for external usage?
The ampache project is having a similar problem with absolute/relative paths. https://github.com/ampache/ampache/issues/181
I'm aware i could use a self-signed or any snakeoil certificate to run my local grocy also behind https/443:grocy.mydomain.lan , so the reverse proxy would just show and serve https://grocy.mydomin.tld and my browser wouldn't find a mixed content problem.
If it's possible to have relative paths, or to select "http/https" in absolute paths would be a nice option and feature.
The URLs are created here - also see the BASE_URL setting in config.php. And yes, it's currently not possible to have it to run on both protocols at the same time.
Some thoughts on this:
Let me know if I should add the second suggested point.
hmm,
atm i already have a X-Forwarded-Proto header set in my config.
http-request add-header X-Forwarded-Proto https
I've set now the base url to https://grocy.mydomain.tld and it works now on my haproxy. As i do not have the need to use it with https from local-subnet. So i'm happy.
Maybe i'll update my local DNS to have a split-DNS for grocy.mydomain.tld point to my local haproxy ip from local.
If you could add option nr. 2 easily, that would be nice of course. Probably also for future users useful. Depends on your time and the amount of work for you.
Thanks
But when you set BASE_URL to https://grocy.mydomain.tld and when you access grocy from http://192.168.1.105 all URLs will point to https://grocy.mydomain.tld, or not?
I will rethink this, theoretically also relative URLs should work, I don't remember exactly, but there was a problem with something, that's why I added to always use absolute URLs for everything...
But when you set BASE_URL to https://grocy.mydomain.tld and when you access grocy from http://192.168.1.105 all URLs will point to https://grocy.mydomain.tld, or not? <= Yes, i'll have to use https://grocy.mydomain.tld but thats not a problem. as there is no load or bandwidth problem caused by grocy.
I'll check https://github.com/berrnd/grocy/commit/27daf384da5d240b77dbf1c9304b3ba98fa0af82
thx
That's right, but when you leave BASE_URL set to default /, then the current hostname is used - now while respecting the X-Forwarded-Proto header - have tested this myself (for this time :D), works as long as you don't have grocy's base in a subdirectory...
Most helpful comment
hmm,
atm i already have a X-Forwarded-Proto header set in my config.
I've set now the base url to https://grocy.mydomain.tld and it works now on my haproxy. As i do not have the need to use it with https from local-subnet. So i'm happy.
Maybe i'll update my local DNS to have a split-DNS for grocy.mydomain.tld point to my local haproxy ip from local.
If you could add option nr. 2 easily, that would be nice of course. Probably also for future users useful. Depends on your time and the amount of work for you.
Thanks