@01 "it won't open" isn't very descriptive. What is it actually doing? Screenshots are very helpful to convey that info.
What is your nginx config? Where did you get your https certificates? Have you been following a guide, and if so, which one?
Avoiding use of mixed content
-
I have just found out about nodebb and have been trying to get a bit familiar with it in the last few day. One thing I noticed so far is that this particular installation is served over HTTPS but actually has some non secure content mixed in it. In most browsers this only causes a little notification, but in some versions of Firefox, websites with mixed content are completely blocked. Here are some screenshots:
Some version of Firefox completely block mixedcontent
Chrome seems to show a warning when encountering mixed contentI believe there is an effort to discourage using of mixed content to improve the security of the web. I am not sure if this is a bug with nodebb itself, or just this particular installation, that is why I decided to post here to get some feedback. Are there any plans to address this issue?
-
on the main page it seems that the content
(gets shown within a widget sometimes) gets loaded insecure. The devs may change this because there is a secure image on same path.
So this is a problem of this instance.On some other pages you'll come around insecure content, that may be an image within posts (which NodeBB shoudn't filter, so it's ok).
Also some profile-images on this instance have an insecure reference (for some users who registered in early ages of NodeBB, it won't happen with newer user-images, so it's an instance problem too).Besides this problems I haven't encountered any mixed content yet (but I may have overseen them since I use chrome where the symbol is decent), so in your own board-instance you'd probably not encounter any mixed content (besides within user-posts).
-
Thanks for the report @arasbm, and your comments @frissdiegurke. The CMS Critic asset is now requesting via HTTPS, so the mixed use warning should no longer apply.
NodeBB itself does only request protocol-relative assets, although in the case of some older forums, they may be requesting uploaded image assets (avatars) via HTTP, although that is far and few between, and I believe an update to the latest version of NodeBB should handle that nicely.
-
@julian see this url please:
https://community.nodebb.org/topic/11555/test-mixed-content -
@sanatisharif You will need to have your users re-upload their images.
-
@sanatisharif You can also use nodebb-plugin-camo which will proxy user uploads through https, removing mixed-content warnings.
