[4.30] Setting up SSL with NGINX and Certbot

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
3 years ago
Hello,

I have set up a nopCommerce site.  I'm using Ubuntu 18.04 LTS and nginx.  I used Let's Encrypt to obtain an SSL certificate for my site.  

When I go to my website it's "secure" for everything except the pictures.  I don't have any custom plugins, only the Nivo Slider.  I've seen comments elsewhere how the image itself could be pointed to a NON-https url.  That's the case here, but I have no clue how to correct that.

If I go to Admin > Configuration > Store and enable SSL my Admin panel is not reachable.  I have to correct the record manually in the DB to turn SSL off.  

I've seen other topics how this is likely an issue with my certificate.  

Here is the report for my certificate: https://www.ssllabs.com/ssltest/analyze.html?d=preview.jnsfullstack.com  As far as I can tell everything looks fine.  

I used the Certbot CLI to install my certificate: https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx

I turned auto-redirect to OFF and ON, both cause the same issue.  

Link to my website: https://preview.jnsfullstack.com

On pages with no images the website is fully secured.
3 years ago
Hi jBigler01

Please check appsettings.json for this setting. If false, change to true


"UseHttpXForwardedProto": true,


Jon

3 years ago
Oh My God Jon, thank you!

I don't know what they pay you... but it should be at least £20 more a year!

Would you mind explaining what that configuration setting is and why it worked?
3 years ago
Haha! At least £22.50 :-)

From this MS document:

https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-3.1

The technical description below is from MS. I think the nopCommerce setting in appsettings.json is basically switching on the below (behind the scenes) in the nopCommerce HTTP request pipeline.

A reverse proxy is a common setup for serving dynamic web apps. A reverse proxy terminates the HTTP request and forwards it to the ASP.NET Core app.

Use a reverse proxy server
Kestrel is great for serving dynamic content from ASP.NET Core. However, the web serving capabilities aren't as feature rich as servers such as IIS, Apache, or Nginx. A reverse proxy server can offload work such as serving static content, caching requests, compressing requests, and HTTPS termination from the HTTP server. A reverse proxy server may reside on a dedicated machine or may be deployed alongside an HTTP server.

For the purposes of this guide, a single instance of Nginx is used. It runs on the same server, alongside the HTTP server. Based on requirements, a different setup may be chosen.

Because requests are forwarded by reverse proxy, use the Forwarded Headers Middleware from the Microsoft.AspNetCore.HttpOverrides package. The middleware updates the Request.Scheme, using the X-Forwarded-Proto header, so that redirect URIs and other security policies work correctly.

Forwarded Headers Middleware should run before other middleware. This ordering ensures that the middleware relying on forwarded headers information can consume the header values for processing. To run Forwarded Headers Middleware after diagnostics and error handling middleware, see Forwarded Headers Middleware order.

Invoke the UseForwardedHeaders method at the top of Startup.Configure before calling other middleware. Configure the middleware to forward the X-Forwarded-For and X-Forwarded-Proto headers:

// using Microsoft.AspNetCore.HttpOverrides;

app.UseForwardedHeaders(new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});

app.UseAuthentication();
If no ForwardedHeadersOptions are specified to the middleware, the default headers to forward are None.
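
An added example, not part of the post above and not nopCommerce or ASP.NET Core code: a simplified Python model of the scheme handling the Microsoft text describes, with nginx terminating TLS and proxying to the app over plain HTTP. It shows an app that ignores X-Forwarded-Proto building http:// URLs and redirecting a request that is already HTTPS, and the header being honoured only from a trusted proxy. The host name, the loopback-only trusted-proxy set and all function names are assumptions made for illustration.

```python
# Added example: simplified model, not nopCommerce or ASP.NET Core code.
from ipaddress import ip_address
from typing import NamedTuple

# Assumption: nginx runs on the same host, so only loopback peers are trusted.
TRUSTED_PROXIES = {ip_address("127.0.0.1"), ip_address("::1")}
HOST = "shop.example"  # constructed host name


class Request(NamedTuple):
    remote_addr: str  # peer that opened the connection to the app server
    scheme: str       # scheme of that last hop (plain http from nginx)
    headers: dict


def effective_scheme(req, use_forwarded_proto):
    """Scheme the app should use when it builds redirects and absolute URLs."""
    if not use_forwarded_proto:
        return req.scheme
    if ip_address(req.remote_addr) not in TRUSTED_PROXIES:
        return req.scheme  # a client-supplied header must not be believed
    proto = req.headers.get("X-Forwarded-Proto", "").strip().lower()
    return proto if proto in ("http", "https") else req.scheme


def nginx_forward(client_scheme):
    """What the app receives once nginx has terminated TLS and proxied over HTTP."""
    return Request("127.0.0.1", "http", {"X-Forwarded-Proto": client_scheme})


def image_url(req, use_forwarded_proto, path="/images/slide.jpg"):
    """Absolute URL the app would emit for an image on this request."""
    return f"{effective_scheme(req, use_forwarded_proto)}://{HOST}{path}"


def hops_until_served(use_forwarded_proto, max_hops=5):
    """Follow an 'HTTPS required' redirect; None means the redirect never ends."""
    for hop in range(max_hops):
        req = nginx_forward("https")  # the browser is already on https
        if effective_scheme(req, use_forwarded_proto) == "https":
            return hop
        # app answers with a redirect to https://HOST/..., browser retries, same result
    return None
```

The model only works if the proxy actually sends the header; in nginx that is the `proxy_set_header X-Forwarded-Proto $scheme;` directive in the proxied location.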

