Hi,
I moved backlight to another domain by copying the folders in document root.
I adjusted the two URLs to the backlight site in the personalisation block in the settings.
Now the backlight backend looks like this
Any Ideas?
Best Joe
try going to the Backlight Modules page and clicking on Reinstall All
Reinstalling modules and clearing the browser cache did not solve the problem
I found some error in the site source code view in safari
I use https to show the website.
Do you have an idea what causes there errors?
looks like it’s trying to serve http to https and is getting blocked.
Make sure that in Backlight Settings, the Site URL begins with https
then, under the Privacy section, make sure that Automatically Redirect Browsers To https is enabled.
This also did not solve the problem.
It seems that I have a problem with the ssl termination on my haproxy. It works if I send the traffic directly to the web server.
Thanks so far Rod.
Best regards,
Joe
Another thing to try is clicking “Update Backlight Index Files” on the Special Links page.
Tried this already. No effect. For the moment it´s ok for me.
But someday I have to find a fix…
Hi @Ben
it´s complicated.
The problem does not appear when I send my network traffic directly from the firewall to the web server. When I turn my load balancer (haproxy) back on I have the problems again.
Now I switched back to the load balancer mode(with ssl offloading so that the load balancer decrypts the ssl traffic, not the web server). Now you can try and see what happens:
In load balancer setting I have to disable ssl on the web server as the load balancer handles ssl. Now I get “too many redirections”. When I set “BLOCK_HTTP_Redirections” in env.php the website is showing fine but backlight does not show correctly.
Then I get the errors you see above (“not allowed to run unsecured content from http”).
Best Joe
Hi @schweidj, I haven’t used haproxy in years. What is your intention with having that in front of Backlight?
Two options I can think of:
- Serve Backlight over SSL on your origin server, then have SSL processed twice
- Configure the Site URL on Backlight to use https:// but serve the files from the origin server on a port such as port 80.
Have you tried either of those two approaches?
One thing to look at to help debug is the PHP Info page (found under Backlight > Special Links). See what the values are for $_SERVER['SERVER_NAME'] and $_SERVER['HTTP_HOST'].
Hi @Ben,
The reason why Í am using haproxy is easy. I have several VM´s and my pfsense with haproxy manages all th LE Certs. Otherwise every VM would have to do it for itself.
Now Í setup a mixed mode on haproxy (with ssl offloading and passthrough only for backlight). Ít is ok for me now. But maybe someone else will face this issue also.
Best,
Joe
Hi @schweidj,
Yours is a unique case in the life of Backlighr so far.
What would you have Backlight do differently?
Hi @Ben,
I do not have a problem with this anymore. My site is working well in ssl passthrough mode.
It´s just, that reverse proxys get more an more common and I don´t know if I’m doing something wrong in my reverse proxy (when in offloading mode) or if backlight handles something the wrong way.
Best,
Joe
Hi @schweidj, I can imagine there could be issues with URLs, depending on the mechanism to proxy through. Backlight has a variety of approaches to determine paths and URLs, from a long history of products that preceded Backlight. Some of the code goes back over a decade.
Those methods often rely on PHP’s $_SERVER values such as $_SERVER['HTTP_HOST']. How those values are automatically filled would depend on the environment and what’s been passed through from the proxy to the web server.