Mixed content on 0.17 with docker


#1

Hello everyone !

I recently upgraded my docker instance to 0.17. I seem to have some issues with the album covers that are fetch in http, thus raising a “mixed content” warning.

Any help is welcome :slight_smile:


#2

Hello,

I’m going to try to give you a hint or an answer even tough I don’t know anything about Docker – can be a bad idea.

Is your instance properly configured ? I assume it is since you’re running it on Docker. Then, have you properly configured your frontend server to serve tracks and assets over the encrypted connection ? And finally, have you tried to configure a redirect on the frontend server ?

I hope I could give you some useful hints despite not knowing anything about Docker.


#3

Thanks for trying to help !

The media files were served correctly before the upgrade. I’m trying to figure out what changes caused the mixed content thing. My guess is the newly dockerized nginx, but I fail to see what I missed in the upgrade process : should I add a TLS section to the nginx/funkwhale.template config file for the dockerized nginx ?


#4

If it worked before, I’d say it’s because of change in the nginx configuration. Can you share what you have in your host nginx vhost file, as well as the included funkwhale_proxy.conf (on the host proxy, again).

I suspect that Funkwhale does not receive the appropriate headers indicating it’s served behind ssl, thus returning http URLs for media files.


#5

My /etc/nginx/funkwhale_proxy.conf :

# global proxy conf
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_redirect off;

# websocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
#proxy_set_header Connection $connection_upgrade;

My funkwhale.conf :

upstream fw {
    # depending on your setup, you may want to udpate this
    server 127.0.0.1:5000;
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    listen [::]:80;
    server_name soultuna.nry.pw;
    location / { return 301 https://$host$request_uri; }

    access_log /var/log/nginx/soultuna.nry.pw-access.log;
    error_log /var/log/nginx/soultuna.nry.pw-error.log;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name soultuna.nry.pw;

    ssl_certificate /etc/.../crt.pem;
    ssl_certificate_key /etc/.../key.pem;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;

    ssl_ecdh_curve secp384r1;

    ssl_prefer_server_ciphers on;

    # Ciphers with intermediate compatibility
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=intermediate
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';

    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; 

    location / {
        include /etc/nginx/funkwhale_proxy.conf;
        proxy_pass   http://fw/;
    }

    access_log /var/log/nginx/soultuna.nry.pw-access.log;
    error_log /var/log/nginx/soultuna.nry.pw-error.log;
}

#6

My own configuration looks similar, the only differing part is that for historical reason I’ve got the proxy configuration inlined in the vhost:

location / {
        client_max_body_size 150M;

        proxy_pass   http://fw/;
        # global proxy conf
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_redirect off;

        # websocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

Do you confirm you have the following content in /srv/funkwhale/nginx/funkwhale_proxy.conf?

real_ip_header X-Forwarded-For;
set_real_ip_from 172.17.0.0/16;

proxy_set_header Host $http_x_forwarded_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_redirect off;

# websocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;

?


#7

I confirm ! I am still getting mixed content.


#8

Erf, I’m running out of ideas right now :frowning:


#9

I’m starting to have mixed feelings about this (lol). This is a non blocking bug, so I’ll just let this topic open in case anyone comes up with something.


#10

Back to this bug, more annoying than I thought : mixed content is not only images, but also api calls. When on the Browse Library tab, I can’t use the arrows to browse through Recently added/listened/fav.
In the console I get :

Blocked loading mixed active content “http://soultuna.nry.pw/api/v1/history/listenings/?ordering=-creation_date&page=2&page_size=5&scope=user&scope=user&ordering=-creation_date&page_size=5”[Learn More]
xhr.js:178
Blocked loading mixed active content “http://soultuna.nry.pw/api/v1/favorites/tracks/?ordering=-creation_date&page=2&page_size=5&scope=user&scope=user&ordering=-creation_date&page_size=5”[Learn More] xhr.js:178
Blocked loading mixed active content “http://soultuna.nry.pw/api/v1/albums/?ordering=-creation_date&page=2&page_size=12&playable=true&playable=true&ordering=-creation_date&page_size=12”[Learn More] xhr.js:178

Also, I noticed that in my funkwhale_proxy.conf, nginx won’t work with the line proxy_set_header Host $http_x_forwarded_host;. I must put $host or $http_host instead for this to work, otherwise I get a http proxy status 400 error with the following trace :

2018/12/08 01:38:29 [debug] 29392#29392: *89678 http cleanup add: 00005626D78FAD80
2018/12/08 01:38:29 [debug] 29392#29392: *89678 get rr peer, try: 1
2018/12/08 01:38:29 [debug] 29392#29392: *89678 stream socket 6
2018/12/08 01:38:29 [debug] 29392#29392: *89678 epoll add connection: fd:6 ev:80002005
2018/12/08 01:38:29 [debug] 29392#29392: *89678 connect to 127.0.0.1:5000, fd:6 #89680
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http upstream connect: -2
2018/12/08 01:38:29 [debug] 29392#29392: *89678 posix_memalign: 00005626D7B53400:128 @16
2018/12/08 01:38:29 [debug] 29392#29392: *89678 event timer add: 6: 60000:1544229569865
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http finalize request: -4, "/favicon.ico?" a:1, c:2
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http request count:2 blk:0
2018/12/08 01:38:29 [debug] 29392#29392: *89678 delete posted event 00005626D7E25D60
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http run request: "/favicon.ico?"
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http upstream check client, write event:1, "/favicon.ico"
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http upstream recv(): -1 (11: Resource temporarily unavailable)
2018/12/08 01:38:29 [debug] 29392#29392: *89678 post event 00005626D7E25DC0
2018/12/08 01:38:29 [debug] 29392#29392: *89678 delete posted event 00005626D7E25DC0
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http upstream request: "/favicon.ico?"
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http upstream send request handler
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http upstream send request
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http upstream send request body
2018/12/08 01:38:29 [debug] 29392#29392: *89678 chain writer buf fl:1 s:349
2018/12/08 01:38:29 [debug] 29392#29392: *89678 chain writer in: 00005626D78392C0
2018/12/08 01:38:29 [debug] 29392#29392: *89678 writev: 349 of 349
2018/12/08 01:38:29 [debug] 29392#29392: *89678 chain writer out: 0000000000000000
2018/12/08 01:38:29 [debug] 29392#29392: *89678 event timer del: 6: 1544229569865
2018/12/08 01:38:29 [debug] 29392#29392: *89678 event timer add: 6: 60000:1544229569872
2018/12/08 01:38:29 [debug] 29392#29392: *89678 post event 00005626D7E13DB0
2018/12/08 01:38:29 [debug] 29392#29392: *89678 post event 00005626D7E25DC0
2018/12/08 01:38:29 [debug] 29392#29392: *89678 delete posted event 00005626D7E13DB0
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http upstream request: "/favicon.ico?"
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http upstream process header
2018/12/08 01:38:29 [debug] 29392#29392: *89678 malloc: 00005626D7CB35E0:4096
2018/12/08 01:38:29 [debug] 29392#29392: *89678 recv: fd:6 309 of 4096
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http proxy status 400 "400 Bad Request"
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http proxy header: "Server: nginx/1.15.7"
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http proxy header: "Date: Sat, 08 Dec 2018 00:38:29 GMT"
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http proxy header: "Content-Type: text/html"
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http proxy header: "Content-Length: 157"
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http proxy header: "Connection: close"
2018/12/08 01:38:29 [debug] 29392#29392: *89678 http proxy header done
2018/12/08 01:38:29 [debug] 29392#29392: *89678 uploadprogress error-tracker error: 0
2018/12/08 01:38:29 [debug] 29392#29392: *89678 lua capture header filter, uri "/favicon.ico"
2018/12/08 01:38:29 [debug] 29392#29392: *89678 xslt filter header
2018/12/08 01:38:29 [debug] 29392#29392: *89678 HTTP/1.1 400 Bad Request

#11

The bad request is likely a response from the API, what’s the content of the API logs when you have those responses in nginx?


#12

No logs for the api container.

nginx container is giving 400 as well :

nginx_1         | 172.18.0.1 - - [10/Dec/2018:21:59:08 +0000] "GET /favicon.ico HTTP/1.1" 400 157 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0" "185.156.175.140"
nginx_1         | 172.18.0.1 - - [10/Dec/2018:21:59:09 +0000] "GET /api/v1/albums HTTP/1.1" 400 157 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0" "185.156.175.140"
nginx_1         | 172.18.0.1 - - [10/Dec/2018:21:59:09 +0000] "GET /favicon.ico HTTP/1.1" 400 157 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0" "185.156.175.140"

#13

One thing you can try is to edit |this line](https://dev.funkwhale.audio/funkwhale/funkwhale/blob/develop/deploy/docker-compose.yml#L87) in your compose file, and replace nginx -g 'daemon off;'" by nginx-debug -g 'daemon off;'"

It should give you more logs (and hopefully help us understand what’s going on)


#14

The log output is identical to the one above. I try adding a line error_log /var/log/nginx/soultuna.nry.pw-error.docker.log debug; to nginx/funkwhale.template, but I must be doing this wrong.


#15

If you do that the error log will be in the container (you’d have to read it with docker-compose exec nginx cat /var/log/nginx/soultuna.nry.pw-error.docker.log)


#16

J’apprends des trucs c’est cool :slight_smile: et enfin un log plus clair !

2018/12/11 12:12:35 [debug] 13#13: *14 http process request header line
2018/12/11 12:12:35 [debug] 13#13: *14 http header: "X-Forwarded-For: 159.69.113.20"
2018/12/11 12:12:35 [debug] 13#13: *14 http header: "Connection: close"
2018/12/11 12:12:35 [debug] 13#13: *14 http header: "User-Agent: python-requests/2.18.4"
2018/12/11 12:12:35 [debug] 13#13: *14 http header: "Accept-Encoding: gzip, deflate"
2018/12/11 12:12:35 [debug] 13#13: *14 http header: "Accept: */*"
2018/12/11 12:12:35 [debug] 13#13: *14 http header: "x-datadog-trace-id: 16496582069336950998"
2018/12/11 12:12:35 [debug] 13#13: *14 http header: "x-datadog-parent-id: 7658787403841389630"
2018/12/11 12:12:35 [debug] 13#13: *14 http header done
2018/12/11 12:12:35 [info] 13#13: *14 client sent HTTP/1.1 request without "Host" header while reading client request headers, client: 172.18.0.1, server: soultuna.nry.pw, request: "GET /.well-known/nodeinfo HTTP/1.1"
2018/12/11 12:12:35 [debug] 13#13: *14 http finalize request: 400, "/.well-known/nodeinfo?" a:1, c:1
2018/12/11 12:12:35 [debug] 13#13: *14 event timer del: 3: 6098888615
2018/12/11 12:12:35 [debug] 13#13: *14 http special response: 400, "/.well-known/nodeinfo?"
2018/12/11 12:12:35 [debug] 13#13: *14 http set discard body
2018/12/11 12:12:35 [debug] 13#13: *14 HTTP/1.1 400 Bad Request

J’ai l’impression qu’il ne reconnait pas la variable $http_x_forwarded_host


#17

D’après les logs il manque pas mal de headers oui, notamment le X-Forwarded-Proto and X-Forwarded-Host, qui sont indispensables (d’où l’erreur 400 à mon avis)


#18

tu peux essayer de reprendre ce qui est dans mon post un peu plus haut (Mixed content on 0.17 with docker) et le copier tel quel dans ta conf nginx sur l’host ? Je me demande s’il n’y a pas un souci avec le include.


#19

Pourquoi $http_x_forwarded_host est indiqué dans la doc ?

Avec ta conf, je reviens à mon problème initial de mixed content. J’ai récupéré la trace d’une requête demandant une cover en http :

2018/12/11 14:36:24 [debug] 13#13: *215 write new buf t:1 f:0 0000561DC0199A98, pos 0000561DC0199A98, size: 176 file: 0, size: 0
2018/12/11 14:36:24 [debug] 13#13: *215 http write filter: l:1 f:0 s:176
2018/12/11 14:36:24 [debug] 13#13: *215 http write filter limit 0
2018/12/11 14:36:24 [debug] 13#13: *215 writev: 176 of 176
2018/12/11 14:36:24 [debug] 13#13: *215 http write filter 0000000000000000
2018/12/11 14:36:24 [debug] 13#13: *215 http finalize request: 0, "/media/__sized__/albums/covers/2018/10/17/b06262e1d-6923-411e-9b6c-457013730c2f-crop-c0-5__0-5-200x200-70.jpg?" a:1, c:1
2018/12/11 14:36:24 [debug] 13#13: *215 http request count:1 blk:0
2018/12/11 14:36:24 [debug] 13#13: *215 http close request
2018/12/11 14:36:24 [debug] 13#13: *215 http log handler
2018/12/11 14:36:24 [debug] 13#13: *215 run cleanup: 0000561DC0199488
2018/12/11 14:36:24 [debug] 13#13: *215 file cleanup: fd:20
2018/12/11 14:36:24 [debug] 13#13: *215 free: 0000561DC0198570, unused: 40
2018/12/11 14:36:24 [debug] 13#13: *215 free: 0000561DC0199580, unused: 2312
2018/12/11 14:36:24 [debug] 13#13: *215 close http connection: 19
2018/12/11 14:36:24 [debug] 13#13: *215 reusable connection: 0
2018/12/11 14:36:24 [debug] 13#13: *215 free: 0000561DC00E85D0
2018/12/11 14:36:24 [debug] 13#13: *215 free: 0000561DC00E9210, unused: 136
2018/12/11 14:36:24 [debug] 13#13: accept on 0.0.0.0:80, ready: 0
2018/12/11 14:36:24 [debug] 13#13: posix_memalign: 0000561DC00E9210:512 @16
2018/12/11 14:36:24 [debug] 13#13: *216 accept: 172.18.0.1:49132 fd:19
2018/12/11 14:36:24 [debug] 13#13: *216 event timer add: 19: 60000:6107516938
2018/12/11 14:36:24 [debug] 13#13: *216 reusable connection: 1
2018/12/11 14:36:24 [debug] 13#13: *216 epoll add event: fd:19 op:1 ev:80002001
2018/12/11 14:36:24 [debug] 13#13: *216 http wait request handler
2018/12/11 14:36:24 [debug] 13#13: *216 malloc: 0000561DC00E85D0:1024
2018/12/11 14:36:24 [debug] 13#13: *216 recv: eof:0, avail:1
2018/12/11 14:36:24 [debug] 13#13: *216 recv: fd:19 705 of 1024
2018/12/11 14:36:24 [debug] 13#13: *216 reusable connection: 0
2018/12/11 14:36:24 [debug] 13#13: *216 posix_memalign: 0000561DC0198570:4096 @16
2018/12/11 14:36:24 [debug] 13#13: *216 http process request line
2018/12/11 14:36:24 [debug] 13#13: *216 http request line: "GET /media/__sized__/albums/covers/2018/07/18/5fac8eb8-e0d8-4961-a08c-4ac8f586dccf-crop-c0-5__0-5-200x200-70.jpg HTTP/1.1"
2018/12/11 14:36:24 [debug] 13#13: *216 http uri: "/media/__sized__/albums/covers/2018/07/18/5fac8eb8-e0d8-4961-a08c-4ac8f586dccf-crop-c0-5__0-5-200x200-70.jpg"
2018/12/11 14:36:24 [debug] 13#13: *216 http args: ""
2018/12/11 14:36:24 [debug] 13#13: *216 http exten: "jpg"
2018/12/11 14:36:24 [debug] 13#13: *216 posix_memalign: 0000561DC0199580:4096 @16
2018/12/11 14:36:24 [debug] 13#13: *216 http process request header line
2018/12/11 14:36:24 [debug] 13#13: *216 http header: "Host: soultuna.nry.pw"
2018/12/11 14:36:24 [debug] 13#13: *216 http header: "X-Real-IP: 185.156.175.140"
2018/12/11 14:36:24 [debug] 13#13: *216 http header: "X-Forwarded-For: 185.156.175.140"
2018/12/11 14:36:24 [debug] 13#13: *216 http header: "X-Forwarded-Proto: https"
2018/12/11 14:36:24 [debug] 13#13: *216 http header: "X-Forwarded-Host: soultuna.nry.pw"
2018/12/11 14:36:24 [debug] 13#13: *216 http header: "X-Forwarded-Port: 443"
2018/12/11 14:36:24 [debug] 13#13: *216 http header: "Connection: close"
2018/12/11 14:36:24 [debug] 13#13: *216 http header: "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
2018/12/11 14:36:24 [debug] 13#13: *216 http header: "Accept: */*"
2018/12/11 14:36:24 [debug] 13#13: *216 http header: "Accept-Language: en-US,en;q=0.5"
2018/12/11 14:36:24 [debug] 13#13: *216 http header: "Accept-Encoding: gzip, deflate, br"
2018/12/11 14:36:24 [debug] 13#13: *216 http header: "Cookie: SSOwAuthUser=renon; SSOwAuthHash=1a8813e32e8bab4e5337b4c60a1576f058bc2108bd75c8d64378324f3a1f3da96cd02e54c92aff085f4622d60a3db08bd6d5520cff49c2a27868fb234cf5c2fe; SSOwAuthExpire=1545134463.267"
2018/12/11 14:36:24 [debug] 13#13: *216 http header: "Cache-Control: max-age=0"
2018/12/11 14:36:24 [debug] 13#13: *216 http header done
2018/12/11 14:36:24 [debug] 13#13: *216 event timer del: 19: 6107516938
2018/12/11 14:36:24 [debug] 13#13: *216 generic phase: 0
2018/12/11 14:36:24 [debug] 13#13: *216 rewrite phase: 1
2018/12/11 14:36:24 [debug] 13#13: *216 test location: "/"
2018/12/11 14:36:24 [debug] 13#13: *216 test location: "federation/"
2018/12/11 14:36:24 [debug] 13#13: *216 test location: "rest/"
2018/12/11 14:36:24 [debug] 13#13: *216 test location: "media/"
2018/12/11 14:36:24 [debug] 13#13: *216 using configuration "/media/"
2018/12/11 14:36:24 [debug] 13#13: *216 http cl:-1 max:1048576
2018/12/11 14:36:24 [debug] 13#13: *216 rewrite phase: 3
2018/12/11 14:36:24 [debug] 13#13: *216 post rewrite phase: 4
2018/12/11 14:36:24 [debug] 13#13: *216 generic phase: 5
2018/12/11 14:36:24 [debug] 13#13: *216 generic phase: 6
2018/12/11 14:36:24 [debug] 13#13: *216 generic phase: 7
2018/12/11 14:36:24 [debug] 13#13: *216 access phase: 8
2018/12/11 14:36:24 [debug] 13#13: *216 access phase: 9
2018/12/11 14:36:24 [debug] 13#13: *216 access phase: 10
2018/12/11 14:36:24 [debug] 13#13: *216 post access phase: 11
2018/12/11 14:36:24 [debug] 13#13: *216 generic phase: 12
2018/12/11 14:36:24 [debug] 13#13: *216 generic phase: 13
2018/12/11 14:36:24 [debug] 13#13: *216 content phase: 14
2018/12/11 14:36:24 [debug] 13#13: *216 content phase: 15
2018/12/11 14:36:24 [debug] 13#13: *216 content phase: 16
2018/12/11 14:36:24 [debug] 13#13: *216 content phase: 17
2018/12/11 14:36:24 [debug] 13#13: *216 content phase: 18
2018/12/11 14:36:24 [debug] 13#13: *216 content phase: 19
2018/12/11 14:36:24 [debug] 13#13: *216 http filename: "/srv/funkwhale/data/media/__sized__/albums/covers/2018/07/18/5fac8eb8-e0d8-4961-a08c-4ac8f586dccf-crop-c0-5__0-5-200x200-70.jpg"
2018/12/11 14:36:24 [debug] 13#13: *216 add cleanup: 0000561DC0199468
2018/12/11 14:36:24 [debug] 13#13: *216 http static fd: 20
2018/12/11 14:36:24 [debug] 13#13: *216 http set discard body
2018/12/11 14:36:24 [debug] 13#13: *216 HTTP/1.1 200 OK

Les headers sont bons.
C’est quand même étrange, quand je fais la requête directement, ça redirige en https sans soucis, et dans la console j’ai d’abord http puis https :

Loading mixed (insecure) display content “http://soultuna.nry.pw/media/__sized__/albums/covers/2018/12/07/ba5b28eae-6e21-4da5-bf89-7502d1c1aa54-crop-c0-5__0-5-200x200-70.jpg” on a secure page[Learn More] vue-lazyload.js:6:5755
Loading mixed (insecure) display content “https://soultuna.nry.pw/media/__sized__/albums/covers/2018/12/07/ba5b28eae-6e21-4da5-bf89-7502d1c1aa54-crop-c0-5__0-5-200x200-70.jpg” on a secure page[Learn More]
vue-lazyload.js:6:5755

Dans Network tout est en vert.
Même résultat sous Chromium, au cas où.


#20

tu as le lien que je regarde ?

A mon avis le problème n’est pas tant que la redirection HTTP-S fonctionne ou pas, mais plutôt que Funkwhale pense être servi en http.

Tu peux me repartager l’état de ta conf actuelle s’il te plait (nginx sur l’host, .env et template nginx du docker) ?