Armadietto: Mixed-content Errors

I’ve instantiated a server with this config file:
{
  "allow_signup": true,
  "storage_path": "/usr/share/armadietto",
  "cache_views": true,
  "http": {
    "host": "127.0.0.1",
    "port": 8000
  },
  "https": {
    "enable": true,
    "force": true
  },
  "basePath": ""
}

Apache 2.4.52 is set up as an SSL-terminating reverse proxy:
ProxyPass "/" "http://127.0.0.1:8000/" connectiontimeout=5 timeout=30
ProxyPassReverse "/" "http://127.0.0.1:8000/"

I can create an account, but syncing fails in Chrome with the error:
Mixed Content: The page at ‘’ was loaded over HTTPS, but requested an insecure resource ‘’. This request has been blocked; the content must be served over HTTPS.

The error does not occur under Firefox. Under Safari, the authorization process does not complete. Setting https.force to false does not change the error.

Do I need to have Apache connect to Armadietto using HTTPS?

You might want to set X-Forwarded-Proto or one of the similar headers in your Apache reverse proxy config:

I think it’s also always a good idea to set X-Forwarded-For and X-Forwarded-Host when creating reverse proxies.


I set

RequestHeader set x-forwarded-ssl "on"
RequestHeader set x-forwarded-scheme "https"
RequestHeader set x-forwarded-proto "https"

and now it works. (Presumably only one is necessary.) Thanks!

Apache sets x-forwarded-for, x-forwarded-host, and x-forwarded-server when you use ProxyPass.

Documentation pull request:

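Why the forwarded headers resolve the error, as an added example that is not part of the thread and not Armadietto's code: a backend behind a TLS-terminating proxy sees plain HTTP, so it builds `http://` URLs unless it reads the original scheme from a proxy it trusts. The function names, the hostname `storage.example.com`, the path and the trusted-proxy list are assumptions, and the requests are constructed.

```javascript
// Added example, not Armadietto's code. Assumption: the only trusted proxy is on loopback.
const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1']);

// Scheme of the request as the browser saw it: 'https' or 'http'.
function clientScheme(req) {
  if (req.socket.encrypted) return 'https'; // TLS terminated by this process
  // X-Forwarded-* can be sent by any client, so honour them only from the proxy.
  if (!TRUSTED_PROXIES.has(req.socket.remoteAddress)) return 'http';
  const h = req.headers; // Node lower-cases header names
  const proto = String(h['x-forwarded-proto'] || h['x-forwarded-scheme'] || '')
    .split(',')[0].trim().toLowerCase(); // first value is the client-facing hop
  if (proto === 'https') return 'https';
  if (String(h['x-forwarded-ssl'] || '').toLowerCase() === 'on') return 'https';
  return 'http';
}

// Absolute URL the backend would hand to the browser.
function absoluteUrl(req, path) {
  const trusted = TRUSTED_PROXIES.has(req.socket.remoteAddress);
  // Without ProxyPreserveHost, Host is the backend address; the public name
  // arrives in X-Forwarded-Host.
  const host = (trusted && req.headers['x-forwarded-host']) || req.headers.host;
  return `${clientScheme(req)}://${host}${path}`;
}

// Constructed requests, as a backend listening on 127.0.0.1:8000 would see them.
const viaProxy = (extra) => ({
  socket: { encrypted: false, remoteAddress: '127.0.0.1' },
  headers: { host: '127.0.0.1:8000', 'x-forwarded-host': 'storage.example.com', ...extra },
});
const before = viaProxy({});                              // ProxyPass only
const after = viaProxy({ 'x-forwarded-proto': 'https' }); // with RequestHeader set
const spoofed = {                                         // direct connection, forged header
  socket: { encrypted: false, remoteAddress: '203.0.113.9' },
  headers: { host: 'storage.example.com', 'x-forwarded-proto': 'https' },
};

console.log(absoluteUrl(before, '/storage/alice')); // http URL: blocked on an HTTPS page
console.log(absoluteUrl(after, '/storage/alice'));  // https URL: allowed
console.log(clientScheme(spoofed));                 // forged header is ignored
```

Binding the backend to 127.0.0.1, as in the config above, is what makes trusting these headers safe, and Apache's `RequestHeader set` replaces any value a client sent under the same name.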