Tags: docker, reverse-proxy, shopware6, caddy, mixed-content

Shopware 6 mixed content error when using reverse proxy


The problem I'm having:

I get a mixed content error when adding a reverse proxy before the Docker container running a Caddy server, PHP, MySQL and phpMyAdmin in another container.

Here is my setup and a quick drawing of what I want to do:

It's running on a virtual server on AlmaLinux 9; the domain vanill.at is connected to the server's IP using DNS A records, and there are no issues with that.

Caddy in Docker used as a reverse proxy for other Docker containers

/srv/docker-compose.yml


version: "3.9"
services:
  caddy:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    ports:
      - 80:80
      - 443:443
    environment:
      - CADDY_INGRESS_NETWORKS=caddy
    networks:
      - caddy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - caddy_data:/data
    restart: unless-stopped

networks:
  caddy:
    external: true

volumes:
  caddy_data: {}

The docker-compose.yml for the upstream containers

/srv/lcmp/docker-compose.yml


version: '3.9'
networks:
  caddy:
    external: true
  internal: {}
services:
  php:
    build: ./php_docker/
    volumes:
      - './www/:/var/www/html/'
    networks:
      - internal
      - caddy
  caddy:
    build: ./caddy_docker/
    depends_on:
      - php
    restart: unless-stopped
    volumes:
      - './www/:/var/www/html/'
      - './caddy_docker/Caddyfile:/etc/caddy/Caddyfile'
      - 'caddy_data:/data'
      - 'caddy_config:/config'
    labels:
      caddy: vanill.at
      caddy.reverse_proxy: "{{upstreams}}"
    networks:
      - internal
      - caddy
  mysql:
    image: 'mysql:8.0'
    environment:
      MYSQL_ROOT_PASSWORD: <redacted>
    volumes:
      - 'mysqldata:/var/lib/mysql'
    networks:
      - internal
  phpmyadmin:
    image: 'phpmyadmin/phpmyadmin:latest'
    ports:
      - '8080:80'
    environment:
      PMA_HOST: mysql
    networks:
      - internal
    depends_on:
      - mysql
volumes:
  mysqldata: null
  caddy_data: null
  caddy_config: null

The Caddyfile

/srv/lcmp/caddy_docker/Caddyfile


:80 {
        encode gzip zstd
        root * /var/www/html/public
        php_fastcgi php:9000
        file_server
        header {
                -server
                -Link
                -X-Powered-By

                # disable FLoC tracking
                #Permissions-Policy interest-cohort=()

                # enable HSTS
                Strict-Transport-Security max-age=31536000;

                # disable clients from sniffing the media type
                X-Content-Type-Options nosniff

                # clickjacking protection
                X-Frame-Options DENY

                # keep referrer data off of HTTP connections
                Referrer-Policy no-referrer-when-downgrade
        }
}

The .env file for Shopware 6

/srv/lcmp/www/.env


###> symfony/messenger ###
# Choose one of the transports below
# MESSENGER_TRANSPORT_DSN=amqp://guest:guest@localhost:5672/%2f/messages
# MESSENGER_TRANSPORT_DSN=redis://localhost:6379/messages
# doctrine://default?auto_setup=0
###< symfony/messenger ###

###> symfony/mailer ###
# MAILER_DSN=null://null
###< symfony/mailer ###

###> symfony/lock ###
# Choose one of the stores below
# postgresql+advisory://db_user:db_password@localhost/db_name
LOCK_DSN=flock
###< symfony/lock ###

#TRUSTED_PROXIES=127.0.0.1,127.0.0.2,192.168.112.5,192.168.112.6,192.168.112.3
#TRUSTED_HOSTS=vanill.at,www.vanill.at

###> shopware/core ###
APP_ENV=prod
APP_URL=http://127.0.0.1:8000
APP_SECRET=<redacted>
INSTANCE_ID=<redacted>
BLUE_GREEN_DEPLOYMENT=0
DATABASE_URL=mysql://root:root@localhost/shopware
# With Shopware 6.4.17.0 the MAILER_DSN variable will be used in this template instead of MAILER_URL
MAILER_URL=null://null
###< shopware/core ###

###> shopware/elasticsearch ###
OPENSEARCH_URL=http://localhost:9200
SHOPWARE_ES_ENABLED=0
SHOPWARE_ES_INDEXING_ENABLED=0
SHOPWARE_ES_INDEX_PREFIX=sw
SHOPWARE_ES_THROW_EXCEPTION=1
###< shopware/elasticsearch ###

###> shopware/storefront ###
STOREFRONT_PROXY_URL=http://localhost
SHOPWARE_HTTP_CACHE_ENABLED=1
SHOPWARE_HTTP_DEFAULT_TTL=7200
###< shopware/storefront ###

The .env.local file for Shopware 6

/srv/lcmp/www/.env.local


APP_SECRET=<redacted>
APP_URL=https://vanill.at
DATABASE_URL=mysql://<redacted>:<redacted>@lcmp-mysql-1:3306/shopwaredb
COMPOSER_HOME=/var/www/html/var/cache/composer
INSTANCE_ID=<redacted>
BLUE_GREEN_DEPLOYMENT=0
OPENSEARCH_URL=http://localhost:9200
ADMIN_OPENSEARCH_URL=http://localhost:9200
TRUSTED_PROXIES=127.0.0.1,127.0.0.2,192.168.112.5,192.168.112.6,192.168.112.3,192.168.160.2
TRUSTED_DOMAINS=vanill.at
TRUSTED_HEADERS='["x-forwarded-for", "x-forwarded-host", "x-forwarded-proto", "x-forwarded-port", "x-forwarded-prefix"]'

Here is the output of docker ps

CONTAINER ID   IMAGE                                       COMMAND                  CREATED          STATUS          PORTS                                                                                NAMES
e0a010df894d   phpmyadmin/phpmyadmin:latest                "/docker-entrypoint.…"   41 minutes ago   Up 41 minutes   0.0.0.0:8080->80/tcp, :::8080->80/tcp                                                lcmp-phpmyadmin-1
cf4f1a7eb653   lcmp-caddy                                  "caddy run --config …"   41 minutes ago   Up 41 minutes   80/tcp, 443/tcp, 2019/tcp, 443/udp                                                   lcmp-caddy-1
8d4747c0b538   lcmp-php                                    "docker-php-entrypoi…"   41 minutes ago   Up 41 minutes   9000/tcp                                                                             lcmp-php-1
bash-5.1#
                                                lcmp-mysql-1
92098701bc11   lucaslorentz/caddy-docker-proxy:ci-alpine   "/bin/caddy docker-p…"   43 minutes ago   Up 42 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 2019/tcp   srv-caddy-1

Here is the output of docker network inspect caddy

[
    {
        "Name": "caddy",
        "Id": "51d3eb268905ce067549daae818be0e613f010a7313b89d60813b77c68ac6897",
        "Created": "2024-03-24T19:07:33.964517939+01:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.160.0/20",
                    "Gateway": "192.168.160.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "8d4747c0b53858546c0806e40c64c77530f73d0cac40e28cb08e34a2eb192a1c": {
                "Name": "lcmp-php-1",
                "EndpointID": "e6c43f11925449c2e963db9f79a7b9f56e5b516afd67765a1e0f4c127ca70e9c",
                "MacAddress": "02:42:c0:a8:a0:03",
                "IPv4Address": "192.168.160.3/20",
                "IPv6Address": ""
            },
            "92098701bc11792943ba2df1df3d0ffda25ca35aa1d28ca7be24513a1d6f92d2": {
                "Name": "srv-caddy-1",
                "EndpointID": "73d3d97fe781011072500e930dba901b9c055e2693a2ed4f68d5b5d712b1f296",
                "MacAddress": "02:42:c0:a8:a0:02",
                "IPv4Address": "192.168.160.2/20",
                "IPv6Address": ""
            },
            "cf4f1a7eb653f5e9910a85ce960a17c53bbf4c3da7f5eb5744b78d85779ddc4c": {
                "Name": "lcmp-caddy-1",
                "EndpointID": "ccf7db6feb2d5bdf4dfb868dceb1811df9f9f9cef3b00bde7dbd0d006dd5c850",
                "MacAddress": "02:42:c0:a8:a0:04",
                "IPv4Address": "192.168.160.4/20",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

When I run Shopware in the upstream Caddy, PHP, MySQL, phpMyAdmin Docker container alone without the reverse proxy in front of it (after modifying the docker-compose.yml to add ports in the Caddy service 80:80, 443:443, 443:443/udp, removing networks, modifying the Caddyfile to have vanill.at as the site-url) there is no mixed content error, both the Shopware frontend and backend work flawlessly.

Here I'm reading that I need to configure the .env file, which I did but it did not solve the error.

https://symfony.com/doc/current/deployment/proxies.html


Solution

  • I've solved this issue by adding

    php_fastcgi php:9000 {
        trusted_proxies private_ranges
    }

    to the Caddyfile in /srv/lcmp/caddy_docker and also setting

    TRUSTED_PROXIES to the IP / IP range which the Caddy reverse proxy uses, in /srv/lcmp/www/.env.local

    TRUSTED_PROXIES=192.168.160.0/20
    

    And I also had to use this index.php in /www/public instead of the default one

    https://github.com/shopware/recipes/blob/main/shopware/core/6.4/public/index.php#L36-L47

    Also make sure to chown -R www-data:www-data /var/www/html or whatever your application's root folder is after creating files...
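
The solution above depends on TRUSTED_PROXIES matching the address the front proxy has on the caddy Docker network. As an added example (not part of the original answer), this Python check compares a TRUSTED_PROXIES value with `docker network inspect` output and reports entries that reach beyond the network's subnet, such as a /0 prefix, which matches every IPv4 address. The sample JSON is constructed from the values in the question; the function name, and the assumption that the application sees srv-caddy-1 as its connecting peer, are assumptions of this example.

```python
import ipaddress
import json

# Constructed sample: a trimmed `docker network inspect caddy` result that
# reuses the subnet and container addresses shown in the question.
NETWORK_INSPECT = json.dumps([{
    "Name": "caddy",
    "IPAM": {"Config": [{"Subnet": "192.168.160.0/20"}]},
    "Containers": {
        "id-1": {"Name": "srv-caddy-1", "IPv4Address": "192.168.160.2/20"},
        "id-2": {"Name": "lcmp-caddy-1", "IPv4Address": "192.168.160.4/20"},
    },
}])


def audit_trusted_proxies(value, inspect_json, proxy_name):
    """Audit a comma-separated TRUSTED_PROXIES value (hypothetical helper).

    Returns (covers_proxy, outside, invalid):
      covers_proxy - the named proxy container's address matches an entry
      outside      - entries that also match addresses outside the subnet
      invalid      - entries that are not an IP address or CIDR range
    """
    net = json.loads(inspect_json)[0]
    subnet = ipaddress.ip_network(net["IPAM"]["Config"][0]["Subnet"])
    proxy_ip = next(
        ipaddress.ip_interface(c["IPv4Address"]).ip
        for c in net["Containers"].values() if c["Name"] == proxy_name
    )
    covers_proxy, outside, invalid = False, [], []
    for entry in (e.strip() for e in value.split(",") if e.strip()):
        try:
            # strict=False accepts host bits, e.g. 192.168.160.0/0 -> 0.0.0.0/0
            trusted = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            invalid.append(entry)
            continue
        covers_proxy = covers_proxy or proxy_ip in trusted
        if trusted.version != subnet.version or not trusted.subnet_of(subnet):
            outside.append(entry)
    return covers_proxy, outside, invalid


if __name__ == "__main__":
    for candidate in ("192.168.160.0/20", "192.168.160.0/0", "127.0.0.1"):
        print(candidate, audit_trusted_proxies(candidate, NETWORK_INSPECT, "srv-caddy-1"))
```

An entry listed under `outside` means the application would also accept X-Forwarded-* headers from peers that are not on the proxy network; `covers_proxy` being false means the front proxy's X-Forwarded-Proto is ignored and generated URLs fall back to http.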