Hi,

I moved backlight to another domain by copying the folders in document root.
I adjusted the two URLs to the backlight site in the personalisation block in the settings.

Now the backlight backend looks like this

Bildschirmfoto 2024-06-25 um 08.21.28768×724 29.5 KB

Any Ideas?

Best Joe

try going to the Backlight Modules page and clicking on Reinstall All

Reinstalling modules and clearing the browser cache did not solve the problem

I found some error in the site source code view in safari

Bildschirmfoto 2024-06-25 um 14.46.581670×262 78.4 KB

I use https to show the website.

Do you have an idea what causes there errors?

looks like it’s trying to serve http to https and is getting blocked.
Make sure that in Backlight Settings, the Site URL begins with https

then, under the Privacy section, make sure that Automatically Redirect Browsers To https is enabled.

This also did not solve the problem.
It seems that I have a problem with the ssl termination on my haproxy. It works if I send the traffic directly to the web server.
Thanks so far Rod.

Best regards,
Joe

Another thing to try is clicking “Update Backlight Index Files” on the Special Links page.

Tried this already. No effect. For the moment it´s ok for me.
But someday I have to find a fix…

@Ben may need to take a look.

Hi @schweidj, has this been resolved? Your site and the Backlight admin login page look fine to me.

Hi @Ben

it´s complicated.

The problem does not appear when I send my network traffic directly from the firewall to the web server. When I turn my load balancer (haproxy) back on I have the problems again.

Now I switched back to the load balancer mode(with ssl offloading so that the load balancer decrypts the ssl traffic, not the web server). Now you can try and see what happens:

In load balancer setting I have to disable ssl on the web server as the load balancer handles ssl. Now I get “too many redirections”. When I set “BLOCK_HTTP_Redirections” in env.php the website is showing fine but backlight does not show correctly.

Then I get the errors you see above (“not allowed to run unsecured content from http”).

Best Joe

Hi @schweidj, I haven’t used haproxy in years. What is your intention with having that in front of Backlight?

Two options I can think of:

1. Serve Backlight over SSL on your origin server, then have SSL processed twice
2. Configure the Site URL on Backlight to use https:// but serve the files from the origin server on a port such as port 80.

Have you tried either of those two approaches?

One thing to look at to help debug is the PHP Info page (found under Backlight > Special Links). See what the values are for $_SERVER['SERVER_NAME'] and $_SERVER['HTTP_HOST'].

Hi @Ben,

The reason why Í am using haproxy is easy. I have several VM´s and my pfsense with haproxy manages all th LE Certs. Otherwise every VM would have to do it for itself.

Now Í setup a mixed mode on haproxy (with ssl offloading and passthrough only for backlight). Ít is ok for me now. But maybe someone else will face this issue also.

Best,
Joe

Hi @schweidj,

Yours is a unique case in the life of Backlighr so far.
What would you have Backlight do differently?

Hi @Ben,

I do not have a problem with this anymore. My site is working well in ssl passthrough mode.

It´s just, that reverse proxys get more an more common and I don´t know if I’m doing something wrong in my reverse proxy (when in offloading mode) or if backlight handles something the wrong way.

Best,
Joe

Hi @schweidj, I can imagine there could be issues with URLs, depending on the mechanism to proxy through. Backlight has a variety of approaches to determine paths and URLs, from a long history of products that preceded Backlight. Some of the code goes back over a decade.
Those methods often rely on PHP’s $_SERVER values such as $_SERVER['HTTP_HOST']. How those values are automatically filled would depend on the environment and what’s been passed through from the proxy to the web server.

Hi @Ben

I´m coming back to the old problem again. I moved my site to a new hardware and again the site is behind a haproxy reverse proxy (ssl offloading because of easier certificate management). My website (augenblicke.net) is showing fine but the backend appears scrambled.

Bildschirmfoto 2024-11-29 um 16.06.53389×613 35.5 KB

Also I cannot access the hidden settings as the “edit” button appears only as text.

Do you have another idea what´s going wrong here?

Best regards,
Joe

Hi @schweidj, can you visit the PHP Info page and send me a screenshot/screenshots of the entire page? This can be done by clicking on my profile picture followed by ‘Message’.

The PHP Info page can be found on the Backlight > Special Links page.

If you can’t get to that page, an equivalent page can be created by making a file called phpinfo.php with this contents:

<?php
phpinfo();

Uploading it to your server and browsing to /phpinfo.php (or wherever you’ve uploaded it to). Once captured, it’s best to then delete that file from your server.

Hi @Joe, thanks for the PHP info. Can you go into your Backlight admin settings and see what you have for Site URL? If it starts with http then try changing it so that it starts with https.

Hi @Joe, this may be the solution. Backlight is not aware that the site is being browsed over https. To make it aware set the following for haproxy:

http-request set-header X-Forwarded-Proto https

Backlight does check for that value when creating URLs, at least as a fallback to checking for the $_SERVER['HTTPS'] value, which would have been set had haproxy not been in front of the web server.

I am not familiar enough with haproxy to advise where that would be set. A quick search brought up this post on Stack Overflow: X-Forwarded-Proto https in frontend or backend (HAProxy)? - Stack Overflow

Hi @Ben,

adding

http-request set-header X-Forwarded-Proto https

to the appropriate backend in haproxy.cfg solved the problem.

Thank you very much for your help.

Best regards
Joe