Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mixed content error if OpenEMS is behind reverse proxy with HTTPS #2936

Open
helgeklein opened this issue Dec 20, 2024 · 2 comments
Open

Mixed content error if OpenEMS is behind reverse proxy with HTTPS #2936

helgeklein opened this issue Dec 20, 2024 · 2 comments

Comments

@helgeklein
Copy link

Description

Overview

A common method to secure access to a web-based application like the OpenEMS UI is to place it behind a reverse proxy such as Caddy. The reverse proxy may serve multiple purposes, the most important of which are: provide HTTPS transport encryption, and perform user authentication.

The issue

If placed behind such a reverse proxy, all connections must follow the HTTPS or WSS URI schemes, or a browser like Chrome issues the following type of error:

Mixed Content: The page at '<URL>' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://<URL>'. This request has been blocked; this endpoint must be available over WSS.

This is exactly what happens because the JavaScript code in the browser statically uses the ws: URI scheme instead of dynamically choosing between ws: and wss:. If I understand the code correctly, this happens in exactly one place, line 8 of backend-prod.ts.

How to fix it

This should be simple to fix by checking if the current URI scheme is HTTPS or HTTP and selection WSS or WS, respectively. This StackOverflow answer shows how it can be implemented.

Screenshots

No response

Operating System

No response

How to reproduce the Error?

Place OpenEMS behind a reverse proxy like Caddy that provides HTTPS transport encryption. In its simplest form the following is required in the Caddyfile:

pv.{$MY_DOMAIN} {
         reverse_proxy fenecon.{$MY_DOMAIN}:80
}

In the above example, {$MY_DOMAIN} is an environment variable containing the domain name of my home network. pv is the hostname under which Caddy serves the proxied site over HTTPS. fenecon is the hostname of the OpenEMS installation that is accessed via unencrypted HTTP.

@Sn0w3y
Copy link
Contributor

Sn0w3y commented Dec 20, 2024

This is not really an issue. The existing configuration fundamentally works as intended, as long as it’s clear in which context (e.g. behind an HTTPS reverse proxy) the application is running. If desired, the code can be adjusted to dynamically switch from “ws://” to “wss://”, but this is more of an optional optimization for special environments. The suggestion can certainly be submitted as a PR. In my view, the issue can therefore be closed, @sfeilmeier

@helgeklein
Copy link
Author

I just created pull request #2937 to fix the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants