About moqui ssl auto to no ssl url 443 question

houcun · October 1, 2024, 10:16pm

I set up an nginx proxy in front of the moqui server to forward nginx 80 port information to moqui 8080. At the same time, I set SSL in AWS to point to nginx 80, but a moqui form action appeared. The CSS resource was sourced from https The SSL secure link has become http url and 443 port How to solve the problem of the form being unable to submit the correct URL due to a non secure link with a port.

my nginx conf:
server {
listen 80;
server_name domain

    charset utf8;

    #access_log  logs/host.access.log  main;

    add_header Content-Security-Policy "form-action 'self' *； default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: https: http:; connect-src *";


 location / {
    proxy_pass  
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header REMOTE_ADDR $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Port 443;
    proxy_redirect http:// $scheme://;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';

    # 
    proxy_pass_request_headers on;
   
     }

 # 
  location ~ \.php$ {
    return 403;
    }

but not work.

Does anyone know how to solve it?

thanks

Houcun
2024.10.2

michael · October 4, 2024, 2:41am

Unless you have a special use case, to avoid problems like this, I recommend using this docker compose file moqui-framework/docker/moqui-acme-postgres.yml at master · moqui/moqui-framework · GitHub with your moqui docker image.

It already has let’s encrypt’s SSL built in and is quite easy to setup. Note that if you use postgres, you’ll need to handle backups manually, but you can edit the config to not run postgres and point your entity_ds config to RDS to have aws handle backups.

I am currently working on a way to make hosting Moqui easier and pretty much plug and play here and it could be expedited if you want to use it

houcun · October 6, 2024, 6:23pm

thanks a lot, I currently only need moqui+h2 because it is simple, fast, easy to maintain, and has fewer requirements for servers. If there are major access issues, I will use load balancing first. If Docker supports direct deployment or built-in, it is a very practical and good idea.
I have tried Moqui Docker deployment before, but unfortunately it failed, so I did not try again.
I think moqui is the architecture design that I have been brainstorming and searching for, so I like to use it.
Thank you for your contribution, it’s great.

Houcun
2024.10.6

michael · October 9, 2024, 9:47pm

It’s great to hear that. I do like the moqui+h2 deployment for simple stuff. Here’s some things to consider for h2 in prod. Just make sure to backup your database if you don’t already know that