amazon-web-services amazon-ec2 terraform aws-certificate-manager aws-alb

Got TLS cert, Route53, ALB, and EC2 all ready but browser is blocking part of my website for mixed-content


So we have this project due tonight. We have set up all necessary AWS services using Terraform except for the TLS cert part. We have EC2, Route53, ALB, VPC. Everything is working well, but once we try to access our website, the browser blocks part of it. The browser shows that the cert is there and valid. Our ALB conf is that we redirect HTTP to HTTPS and from HTTPS to our EC2. In EC2, our vhost file for Apache has both 80 and 443. We cannot figure out where exactly the problem is.

This is our domain name: git-legion.dev

We tried on all different browsers and they all show that the cert is there, but they are blocking part of the website because there is mixed content.

This is our ALB listeners conf

This is how our website should look like


But this is how browsers show it



Solution

  • If you look at the document returned by that URL (after subsequent redirects), you'll see that a few of the resources have `http://` URLs.

    $ curl -sL https://git-legion.dev | grep -F 'http://'
                <link rel="stylesheet" href="http://git-legion.dev/js/plugins/select2/select2.min.css">
                <link rel="stylesheet" href="http://git-legion.dev/css/dist/all.css?id=98db4e9b7650453c8b00">
                                <a href="http://git-legion.dev/setup" class="bs-wizard-dot"></a>
                                <a href="http://git-legion.dev/setup/migrate" class="bs-wizard-dot"></a>
                                <a href="http://git-legion.dev/setup/user" class="bs-wizard-dot"></a>
                                      <form action="http://git-legion.dev/setup/migrate" method="GET">
                  <script src="http://git-legion.dev/js/dist/all.js?id=bf1b244d8cc9096e4a18" nonce="yn3lThimgEBlyTMj1FLCFRAIdVJuDCEYhXzPBNRD"></script>
                        url: "http://git-legion.dev/setup/mailtest",
    

    That's why the browser refuses to access them, because the original connection was secure, but these other resources are not. There's no one answer on how best to build these URLs, but your application framework should be able to help you.
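
The grep output above mixes several kinds of `http://` reference that a browser does not treat alike. As an added example (not code from the original answer), this Python scanner sorts them by what happens when the page itself loads over HTTPS. The sample HTML is constructed from the curl output above; the `$.ajax` wrapper and the category names are assumptions.

```python
from html.parser import HTMLParser

# Constructed sample, modelled on the curl output in the answer above.
SAMPLE = """
<link rel="stylesheet" href="http://git-legion.dev/css/dist/all.css">
<a href="http://git-legion.dev/setup" class="bs-wizard-dot"></a>
<form action="http://git-legion.dev/setup/migrate" method="GET"></form>
<script src="http://git-legion.dev/js/dist/all.js"></script>
<script>$.ajax({ url: "http://git-legion.dev/setup/mailtest" });</script>
"""

# (tag, attribute) -> what an http:// value means on a page served over HTTPS
RULES = {
    ("script", "src"): "blocked",         # active content, never loaded
    ("link", "href"): "blocked",          # only applied to rel=stylesheet
    ("form", "action"): "insecure-form",  # submission goes over plain HTTP
    ("a", "href"): "navigation",          # ordinary link, not mixed content
}

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []        # (category, tag, url or script text)
        self._in_script = False   # True while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self._in_script = tag == "script" and "src" not in attrs
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # e.g. rel=canonical is metadata, nothing is fetched
        for attr, url in attrs.items():
            category = RULES.get((tag, attr))
            if category and (url or "").lower().startswith("http://"):
                self.findings.append((category, tag, url))

    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"

    def handle_data(self, data):
        # URLs hard-coded in inline JavaScript are requested at run time.
        if self._in_script and "http://" in data:
            self.findings.append(("inline-script", "script", data.strip()))

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    return scanner.findings

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Only the `blocked` and `inline-script` findings explain the missing styling and behaviour; the `<a href>` entries that grep also matched are ordinary links.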