AWS Load Balancer https issue - amazon-web-services

I was trying to set up the load balancer for our servers. If I use http, it works fine. But when I switch to https, I got the following errors in the browser console:
Mixed Content: The page at 'https://www.something.com/' was loaded over HTTPS, but requested an insecure script '...mootools.js'. This request has been blocked; the content must be served over HTTPS
I thought I had hard-coded something like "http://www.something.com/library/....",
but I did not; I only use "/library/...." for including the JavaScript files.
When I set up the load balancer, it asked me to set up the port for listening. I set it as https, load balancer port: 443 forwarding to instance port 80.
Does anybody know how I could solve this problem?
Thanks.

The forwarding back to 80 isn't responsible for it. This is either HTML that is hardcoded to http or a redirect/server-generated URL pointing to http.
Use the network panel of dev tools (like in Chrome's menu) and inspect each request until you find the culprit.
Here's an example, using this question page. I've selected an insecure request.
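To complement inspecting requests in the network panel, the following added example (not part of the original answer) scans a page's HTML offline and lists every subresource that an HTTPS page would request over http://. It resolves URLs the way a browser does, including a `<base href>` tag, which is one way a root-relative path such as "/library/..." can still resolve to http; the host names and the sample HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a subresource (not exhaustive).
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src",
               "audio": "src", "video": "src", "source": "src", "link": "href"}

class MixedContentFinder(HTMLParser):
    """Collect subresources an HTTPS page would request over plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.base_url = page_url  # replaced by the first <base href>, if any
        self.base_seen = False
        self.insecure = []        # (tag, URL as written, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base":
            if attrs.get("href") and not self.base_seen:
                # <base href> changes how every later relative URL resolves,
                # so "/library/x.js" can end up on http:// without saying so.
                self.base_url = urljoin(self.base_url, attrs["href"].strip())
                self.base_seen = True
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return                # e.g. rel="canonical" is not fetched
        raw = attrs.get(FETCH_ATTRS.get(tag, ""))
        if not raw:
            return
        resolved = urljoin(self.base_url, raw.strip())
        if urlsplit(resolved).scheme == "http":
            self.insecure.append((tag, raw, resolved))

def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []                 # mixed content only exists on HTTPS pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.insecure

# Constructed sample page: root-relative script path plus an http:// <base>.
SAMPLE = """<html><head>
<base href="http://www.example.com/">
<script src="/library/example.js"></script>
<link rel="stylesheet" href="https://cdn.example.com/site.css">
</head><body><img src="//static.example.com/logo.png"></body></html>"""

for tag, raw, resolved in find_mixed_content("https://www.example.com/", SAMPLE):
    print(f"<{tag}> {raw!r} -> {resolved}")
```

Protocol-relative URLs ("//host/path") inherit the scheme of the base URL, so they are flagged here for the same reason as the root-relative script.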

Related

Can a remote server send response to a local client on a custom port?

For the network gurus out there, I'd like to ask some questions regarding a unique setup where the server will be sending a request to a client on localhost on a certain port.
I have a cloudy understanding of some network fundamentals that I hope you'll be able to help me with.
Kindly check the image below:
Basically, there's a static website hosted in AWS s3 and at some point this website will send a request to https://localhost:8001.
I was expecting that it will connect to the nginx container listening on port 8001 in my local machine, but it results in 504 gateway error.
My questions are:
Is it possible for a remote server to directly send data to a client at a particular port by addressing it as localhost?
How is it possible for the static website to communicate to my local docker container?
Thanks in advance.
In the setup you show, in the context of a Web site, localhost isn't in your picture at all. It's the desktop machine running the end user's Web browser.
More generally, you show several boxes in your diagram – "local machine", "Docker VM", "individual container", "server in Amazon's data center" – and within each of these boxes, if they make an outbound request to localhost, it reaches back to itself.
You have two basic options here:
(1) Set up a separate (Route 53) DNS name for your back-end service, and use that https://backend.example.com/... host name in your front-end application.
(2) Set up an HTTP reverse proxy that forwards /, /assets, ... to S3, and /api to the back-end service. In your front-end application use only the HTTP path with no host name at all.
The second option is more work to set up, but once you've set it up, it's much easier to develop code for. Webpack has a similar "proxy the backend" option for day-to-day development. This setup means the front-end application itself doesn't care where it's running, and you don't need to rebuild the application if the URL changes (or an individual developer needs to run it on their local system).

Website refuses to open on custom domain but works on IP

I am trying to bring my Django website online with a custom domain.
The website is melius.live and the IP of the webserver is 157.90.29.120. Opening the IP works fine, but opening the domain usually doesn't work; sometimes it gives me an Apache default page (I am using NGINX, not Apache), but normally just a connection refused.
The site is written in Django, I am using Hetzner for hosting and Namecheap for the domain.
When I do a traceroute, the correct IP shows up.
Where is the problem?

Accessing HTTP content from an HTTPS server || HTTP request blocked

My Django application currently runs on HTTPS on the server. Recently I added a new functionality for which it has to access another link to get a JSON object, which is an HTTP link.
It's working fine on localhost, but when I deploy it on the server, it shows the following error.
Site was loaded over HTTPS, but requested an insecure resource http link. This request has been blocked; the content must be served over HTTPS.
Can someone please suggest a workaround to bypass this so that the new functionality runs smoothly?
This error comes from the browser, so there is not much you can do on the server side.
The easiest thing would be to enable https for those external resources, if you have control over that.
The next workaround would be to add a proxy for your http resources and make this proxy https. For example, you could add a simple nginx server with proxy_pass to your http server and add https on that proxying nginx.
Note that if this JSON you are talking about contains anything sensitive, security-wise you really should serve it via https and not via the proxy workaround I described above. If nothing sensitive is served, the workaround might be OK.
Since you have control over your http server, just allow an ssl proxy on the nginx, with a configuration that may look something like this:
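    server {
        # "ssl" on the listen directive makes nginx terminate TLS on this port
        listen 443 ssl;
        server_name my.host.name;
        ssl_certificate /path/to/cert;
        ssl_certificate_key /path/to/key;
        location / {
            # forward the decrypted requests to the plain-HTTP server
            proxy_pass http://localhost:80;
        }
    }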
Note, if you're using something like AWS / GCP / Azure - you can do it on the load balancer side instead of nginx.
Otherwise, you can use letsencrypt to get the actual certificate and do some auto-configuration of nginx for you.

Jenkins Redirects to Http after Login

Apologies if this isn't the right place to post this question, but I have a Jenkins container running on an EC2. Both listen on 8080. I have an NLB that listens on 443. When I log in to my https://jenkins.xyz.com, it redirects to http://jenkins.xyz.com. I get an error as nothing is listening on 80. If I manually change http to https after logging in, I'm in and it just works fine, although I get a "reverse proxy is broken" error in Configure Jenkins. Tried a different container but still the same issue. Any help will be greatly appreciated.
Was able to solve my issue following the instructions in this article:
http://code.haleby.se/2016/01/22/enable-ssl-in-jenkins-in-docker/
Just had to give the jenkins user (UID) permissions to the directory containing the cert on the host (which I didn't see in the article but might be mentioned).

C++ Winsock Determine HTTP or HTTPS

I've just started studying Winsock and I have a simple question for you: how can I determine if the connection to a server must take place over an HTTP or HTTPS connection?
Let's say I want to connect to randomsite.random; how can I know what kind of connection I need? I know that for HTTP I must connect to port 80, while for HTTPS 443 is needed, but how can I determine WHEN an HTTPS connection is needed?
Thank you for the attention!
The same way a web browser decides: Based on the URL you are trying to load. In a web browser, the URL begins with http or https, which is used to determine whether an SSL connection should be used. This is also used to determine the port if no port number is specified in the URL.
Many sites offer both a secure and a non-secure version. Some offer only a secure version, but still run a non-secure server which issues a redirect to the URL of the secure version. If you implement following of redirects, you don't need to worry about which version to use: it will happen automatically.
This is usually a function of the site you are connecting to.
If the site requires a HTTPS connection, then if you connect over HTTP you will get a redirect response code with a HTTPS URL.
Firstly, it's not always port 80 and port 443. Secondly, you won't establish successful communication if you use the wrong communication protocol. As said in another answer, if you try to connect via HTTP to an HTTPS server, it will give you a redirect response code with an HTTPS URL.
Most of the time, you have this information beforehand!
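The rule described in the answers above, as an added example that is not part of the original posts and is written in Python rather than Winsock C++: the URL scheme decides whether TLS is used and which default port applies, and redirects are followed to reach the HTTPS version. The fetch callback, the FAKE_SERVER table and the refusal of HTTPS-to-HTTP downgrades are assumptions of this example.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def connection_params(url):
    """Return (host, port, use_tls) for an http(s) URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"unsupported or incomplete URL: {url!r}")
    # An explicit port in the URL wins; the scheme alone decides TLS.
    return parts.hostname, parts.port or DEFAULT_PORTS[scheme], scheme == "https"

def resolve(url, fetch, max_hops=5):
    """Follow redirects; return (final URL, list of URLs visited).

    fetch(url) -> (status, location) stands in for the real socket code.
    """
    hops = [url]
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in (301, 302, 303, 307, 308) or not location:
            return url, hops
        nxt = urljoin(url, location)          # Location may be relative
        if connection_params(url)[2] and not connection_params(nxt)[2]:
            raise ValueError(f"refusing HTTPS -> HTTP downgrade to {nxt!r}")
        url = nxt
        hops.append(url)
    raise ValueError("too many redirects")

# Constructed server behaviour, keyed by URL, so the example runs offline.
FAKE_SERVER = {
    "http://randomsite.random/": (301, "https://randomsite.random/"),
    "https://randomsite.random/": (302, "/home"),
    "https://randomsite.random/home": (200, None),
    "https://randomsite.random/logout": (302, "http://randomsite.random/bye"),
}

def fake_fetch(url):
    return FAKE_SERVER[url]

final, hops = resolve("http://randomsite.random/", fake_fetch)
print(" -> ".join(hops), "| connect with", connection_params(final))
```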