[SOLVED] Problem HTTPS (Mixed Content)

Question

[SOLVED] Problem HTTPS (Mixed Content)

gianfelicevincenzo opened this issue 4 years ago · 8 comments

gianfelicevincenzo commented 4 years ago

Hi. My configuration of configuration.js:

// default authentication configuration, never fill it in case the webui is hosted in public IP as it can be compromised
    host: location.protocol.startsWith("http") ? location.hostname : "localhost",
    path: "/jsonrpc",
    port: 6800,
    encrypt: true,
    auth: {
      // either add the token field or the user and pass field, not both.
       token: 'MYTOKEN'
      /*-----------------------------*/
      // user: '*YOUR_USERNAME*',
      // pass: '*YOUR_SECRET_PASS*'
    },

Configuration of apache (site aria2.conf):

<VirtualHost *:443>
   ServerName aria.home.io
   DocumentRoot /var/www/html/webui-aria2/docs
   
   ProxyPass /jsonrpc wss://127.0.0.1:6800/jsonrpc
   ProxyPassReverse /jsonrpc wss://127.0.0.1:6800/jsonrpc
</VirtualHost>

Messages of firefox:

Why does the "Mixed Content" message always appear if everything has been set to a secure connection?

Answer 1 · 2020-05-04T04:57:03.000Z

IIRC configuration.js is not working, resulting that Web-UI is falling back to http://<samehost>:6800, which is unsafe mixed content.
BTW if I guessed correctly, you should ProxyPass to ws://127.0.0.1:6800/json, for you shouldn't create a certificate for 127.0.0.1.

Answer 2 · 2020-05-04T18:30:41.000Z

So, the problem is with webui-aria2? If so, how can this be resolved?

Answer 3 · 2020-05-05T16:09:01.000Z

For now, only #417 way works nobly.
If you want to dig a little bit, #473 (comment) will also be helpful.

Answer 4 · 2020-05-05T18:35:44.000Z

Thanks...but I noticed that this problem has been around for a long time ... why hasn't it "been solved" yet?

Answer 5 · 2020-05-06T02:52:11.000Z

This project was switched to modern build system, but no one was familiar with that. The building system requires developer to have the entire node environment, which deactivates potential developers even more.
I am sticking to version before that happens.

Answer 6 · 2020-05-06T22:27:43.000Z

@no1xsyzy I finally solved it! But I had to edit the app.js file like this (on the following lines):

Before:

170 .constant("$authconf", {
172 host: location.protocol.startsWith("http") ? location.hostname : "localhost",
173 path: "/jsonrpc",
174 port: 6800,
175 encrypt: !1,
176 auth: {},
177 directURL: ""
178 })
....
....
320 u.push(
321 { host: r.host(), path: "/jsonrpc", port: 6800, encrypt: !1 },
....
....

After:

170 .constant("$authconf", {
172 host: location.protocol.startsWith("http") ? location.hostname : "localhost",
173 path: "/jsonrpc",
174 port: 443,
175 encrypt: true,
176 auth: {},
177 directURL: ""
178 })
....
....
320 u.push(
321 { host: r.host(), path: "/jsonrpc", port: 443, encrypt: true },
....
....

Now could you tell me (unfortunately I'm not javascript expert :) ) if something is missing or is it a correct modification? (Obviously the static parameters are the ones I set as they reflect my needs)

Answer 7 · 2020-05-07T11:22:00.000Z

If it works, it is correct.

BTW to mark it solved, you are suggest to "close" it instead of change the title. Conversation can continue after closed, as long as collaborators didn't "lock" it, which usually doesn't happen here since owner and collaborators are not so active and there is no bot locker.

Answer 8 · 2020-05-07T14:53:31.000Z

Sorry, you are right :). More than anything else I was waiting for a "definitive" answer to be able to close the issue