Mixed content on 0.17 with docker


#21

Autant pour moi ça venait de la 2e partie de ton commentaire (Mixed content on 0.17 with docker).

/etc/nginx/conf.d/soultuna.nry.pw :

upstream fw {
    # depending on your setup, you may want to udpate this
    server 127.0.0.1:5000;
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    listen [::]:80;
    server_name soultuna.nry.pw;

    location / { return 301 https://$host$request_uri; }

    access_log /var/log/nginx/soultuna.nry.pw-access.log;
    error_log /var/log/nginx/soultuna.nry.pw-error.log;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name soultuna.nry.pw;

    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
    ssl_prefer_server_ciphers on;
    #ssl_session_cache shared:SSL:10m;
    ssl_certificate /etc/yunohost/certs/soultuna.nry.pw/crt.pem;
    ssl_certificate_key /etc/yunohost/certs/soultuna.nry.pw/key.pem;

    # HSTS
    add_header Strict-Transport-Security "max-age=31536000";

    location / {
	#client_max_body_size 150M;
        #include /etc/nginx/funkwhale_proxy.conf;
        proxy_pass   http://fw/;

        #proxy_set_header Host $http_x_forwarded_host;
	#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	#proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
	#proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
	#proxy_set_header X-Forwarded-Port $http_x_forwarded_port;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_redirect off;

        # websocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

    access_log /var/log/nginx/soultuna.nry.pw-access.log;
    error_log /var/log/nginx/soultuna.nry.pw-error.log;
}

/srv/funkwhale/docker-compose.yml:

version: '3'

services:

  postgres:
    restart: unless-stopped
    env_file: .env
    image: postgres:9.4
    volumes:
      - ./data/postgres:/var/lib/postgresql/data

  redis:
    restart: unless-stopped
    env_file: .env
    image: redis:3
    volumes:
      - ./data/redis:/data

  celeryworker:
    restart: unless-stopped
    image: funkwhale/funkwhale:${FUNKWHALE_VERSION:-latest}
    env_file: .env
    # Celery workers handle background tasks (such file imports or federation
    # messaging). The more processes a worker gets, the more tasks
    # can be processed in parallel. However, more processes also means
    # a bigger memory footprint.
    # By default, a worker will span a number of process equal to your number
    # of CPUs. You can adjust this, by explicitly setting the --concurrency
    # flag:
    #   celery -A funkwhale_api.taskapp worker -l INFO --concurrency=4
    command: celery -A funkwhale_api.taskapp worker -l INFO
    links:
      - postgres
      - redis
    environment:
      - C_FORCE_ROOT=true
    #volumes:
    #  - ./data/music:/music:ro
    #  - ./data/media:/app/funkwhale_api/media
    volumes:
      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
      - "${MEDIA_ROOT}:${MEDIA_ROOT}"


  celerybeat:
    restart: unless-stopped
    image: funkwhale/funkwhale:${FUNKWHALE_VERSION:-latest}
    env_file: .env
    command: celery -A funkwhale_api.taskapp beat -l INFO
    links:
      - postgres
      - redis

  api:
    restart: unless-stopped
    image: funkwhale/funkwhale:${FUNKWHALE_VERSION:-latest}
    env_file: .env
    volumes:
      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
      - "${MEDIA_ROOT}:${MEDIA_ROOT}"
      - "${STATIC_ROOT}:${STATIC_ROOT}"
      - "${FUNKWHALE_FRONTEND_PATH}:/frontend"
    ports:
      - "5000"
    links:
      - postgres
      - redis

  # new service
  nginx:
    image: nginx
    env_file:
      - .env
    environment:
      # Override those variables in your .env file if needed
      - "NGINX_MAX_BODY_SIZE=${NGINX_MAX_BODY_SIZE-30M}"
    volumes:
      - "./nginx/funkwhale.template:/etc/nginx/conf.d/funkwhale.template:ro"
      - "./nginx/funkwhale_proxy.conf:/etc/nginx/funkwhale_proxy.conf:ro"
      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:ro"
      - "${MEDIA_ROOT}:${MEDIA_ROOT}:ro"
      - "${STATIC_ROOT}:${STATIC_ROOT}:ro"
      - "${FUNKWHALE_FRONTEND_PATH}:/frontend:ro"
    ports:
      # override those variables in your .env file if needed
      - "${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}:80"
    command: >
        sh -c "envsubst \"`env | awk -F = '{printf \" $$%s\", $$1}'`\"
        < /etc/nginx/conf.d/funkwhale.template
        > /etc/nginx/conf.d/default.conf
        && cat /etc/nginx/conf.d/default.conf
        && nginx-debug -g 'daemon off;'"
    links:
      - api

/srv/funkwhale/.env:

# If you have any doubts about what a setting does,
# check https://docs.funkwhale.audio/configuration.html#configuration-reference

# If you're tweaking this file from the template, ensure you edit at least the
# following variables:
# - DJANGO_SECRET_KEY
# - DJANGO_ALLOWED_HOSTS
# - FUNKWHALE_URL
# - EMAIL_CONFIG and DEFAULT_FROM_EMAIL if you plan to send emails)
# On non-docker setup **only**, you'll also have to tweak/uncomment those variables:
# - DATABASE_URL
# - CACHE_URL
# - STATIC_ROOT
# - MEDIA_ROOT
#
# You **don't** need to update those variables on pure docker setups.
#
# Additional options you may want to check:
# - MUSIC_DIRECTORY_PATH and MUSIC_DIRECTORY_SERVE_PATH if you plan to use
#   in-place import
# Docker only
# -----------

# The tag of the image we should use
# (it will be interpolated in docker-compose file)
# You can comment or ignore this if you're not using docker
FUNKWHALE_VERSION=0.17
MUSIC_DIRECTORY_PATH=/music
MUSIC_DIRECTORY_SERVE_PATH=/srv/funkwhale/data/music

# End of Docker-only configuration

# General configuration
# ---------------------

# Set this variables to bind the API server to another interface/port
# example: FUNKWHALE_API_IP=0.0.0.0
# example: FUNKWHALE_API_PORT=5678
FUNKWHALE_API_IP=127.0.0.1
FUNKWHALE_API_PORT=5000

# Replace this by the definitive, public domain you will use for
# your instance
#FUNKWHALE_URL=https://soultuna.nry.pw

# Changed for 0.17 :
FUNKWHALE_HOSTNAME=soultuna.nry.pw
FUNKWHALE_PROTOCOL=https

FUNKWHALE_FRONTEND_PATH=/srv/funkwhale/front/dist

# Configure email sending using this variale
# By default, funkwhale will output emails sent to stdout
# here are a few examples for this setting
# EMAIL_CONFIG=consolemail://         # output emails to console (the default)
# EMAIL_CONFIG=dummymail://          # disable email sending completely
# On a production instance, you'll usually want to use an external SMTP server:
# EMAIL_CONFIG=smtp://[email protected]:[email protected]:25
# EMAIL_CONFIG=smtp+ssl://[email protected]:[email protected]:465
# EMAIL_CONFIG=smtp+tls://[email protected]:[email protected]:587

# The email address to use to send systme emails. By default, we will
# [email protected]

# Depending on the reverse proxy used in front of your funkwhale instance,
# the API will use different kind of headers to serve audio files
# Allowed values: nginx, apache2
REVERSE_PROXY_TYPE=nginx

# API/Django configuration

# Database configuration
# Examples:
#  DATABASE_URL=postgresql://<user>:<password>@<host>:<port>/<database>
#  DATABASE_URL=postgresql://funkwhale:[email protected]:5432/funkwhale_database
# Use the next one if you followed Debian installation guide
# DATABASE_URL=postgresql://[email protected]:5432/funkwhale

# Cache configuration
# Examples:
#  CACHE_URL=redis://<host>:<port>/<database>
#  CACHE_URL=redis://localhost:6379/0
# Use the next one if you followed Debian installation guide
# CACHE_URL=redis://127.0.0.1:6379/0

# Where media files (such as album covers or audio tracks) should be stored
# on your system?
# (Ensure this directory actually exists)
MEDIA_ROOT=/srv/funkwhale/data/media

# Where static files (such as API css or icons) should be compiled
# on your system?
# (Ensure this directory actually exists)
STATIC_ROOT=/srv/funkwhale/data/static

# Update it to match the domain that will be used to reach your funkwhale
# instance
# Example: DJANGO_ALLOWED_HOSTS=funkwhale.yourdomain.com
DJANGO_ALLOWED_HOSTS=soultuna.nry.pw,localhost

# which settings module should django use?
# You don't have to touch this unless you really know what you're doing
DJANGO_SETTINGS_MODULE=config.settings.production

# Generate one using `openssl rand -base64 45`, for example
DJANGO_SECRET_KEY=xxxx

# You don't have to edit this, but you can put the admin on another URL if you
# want to
# DJANGO_ADMIN_URL=^api/admin/

# Sentry/Raven error reporting (server side)
# Enable Raven if you want to help improve funkwhale by
# automatically sending error reports our Sentry instance.
# This will help us detect and correct bugs
RAVEN_ENABLED=false
RAVEN_DSN=https://44332e9fdd3d42879c7d35bf8562c6a4:[email protected]/5

# In-place import settings
# You can safely leave those settings uncommented if you don't plan to use
# in place imports.
# MUSIC_DIRECTORY_PATH=
# MUSIC_DIRECTORY_SERVE_PATH=  # docker-only

/srv/funkwhale/nginx/funkwhale.template:

upstream funkwhale-api {
    # depending on your setup, you may want to update this
    server api:5000;
}


# required for websocket support
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name ${FUNKWHALE_HOSTNAME};

    # TLS
    # Feel free to use your own configuration for SSL here or simply remove the
    # lines and move the configuration to the previous server block if you
    # don't want to run funkwhale behind https (this is not recommended)
    # have a look here for let's encrypt configuration:
    # https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx

    root /frontend;

    location / {
        try_files $uri $uri/ @rewrites;
    }

    location @rewrites {
        rewrite ^(.+)$ /index.html last;
    }
    location /api/ {
        include /etc/nginx/funkwhale_proxy.conf;
        # this is needed if you have file import via upload enabled
        client_max_body_size ${NGINX_MAX_BODY_SIZE};
        proxy_pass   http://funkwhale-api/api/;
    }

    location /federation/ {
        include /etc/nginx/funkwhale_proxy.conf;
        proxy_pass   http://funkwhale-api/federation/;
    }

    # You can comment this if you do not plan to use the Subsonic API
    location /rest/ {
        include /etc/nginx/funkwhale_proxy.conf;
        proxy_pass   http://funkwhale-api/api/subsonic/rest/;
    }

    location /.well-known/ {
        include /etc/nginx/funkwhale_proxy.conf;
        proxy_pass   http://funkwhale-api/.well-known/;
    }

    location /media/ {
        alias ${MEDIA_ROOT}/;
    }

    location /_protected/media {
        # this is an internal location that is used to serve
        # audio files once correct permission / authentication
        # has been checked on API side
        internal;
        alias   ${MEDIA_ROOT};
    }

    location /_protected/music {
        # this is an internal location that is used to serve
        # audio files once correct permission / authentication
        # has been checked on API side
        # Set this to the same value as your MUSIC_DIRECTORY_PATH setting
        internal;
        alias   ${MUSIC_DIRECTORY_PATH};
    }

    location /staticfiles/ {
        # django static files
        alias ${STATIC_ROOT}/;
    }

    error_log /var/log/nginx/soultuna.nry.pw-error.docker.log debug;
}

#22

J’ai beau me creuser les méninges, je ne vois pas pour quoi il continue à envoyer du http alors que ta conf est identique à la mienne :confused: