We help IT Professionals succeed at work.
Get Started

How to resolve Mixed content error with https and reverse proxy on nginx?

neal wang
neal wang asked
Last Modified: 2020-02-09
How do I resolve "Mixed Content: The page at 'https://win.interstagebpm.com/social/' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://win.interstagebpm.com/social/index.php/login'. This endpoint should be made available over a secure connection." ?

I'm trying to get the php forms to load but they aren't, what am I missing?

I'm using nginx to reverse proxy apache which is hosting the social engine platform on 8080.

Apache is running port 80 and there is a https certificate as well

Here is my nginx file:

server {
    server_name  win.interstagebpm.com;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        #root   /usr/share/nginx/html; default page.. remove hash and this comment after ; 
        root    /var/www/html;
        index  index.php index.html index.htm;
        try_files $uri $uri/ =404;

    location /aa/ {
        proxy_cookie_path / /aa/;
    proxy_pass http://win.interstagebpm.com:49950/aa/;

     location ~ \.php$ {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
	proxy_redirect http:// https://;

         location ~ /\.ht {
                deny all;
    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;

    # proxy the PHP scripts to Apache listening on
    #location ~ \.php$ {
    #    proxy_pass;

    # pass the PHP scripts to FastCGI server listening on
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #location ~ /\.ht {
    #    deny  all;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/win.interstagebpm.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/win.interstagebpm.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


server {
    if ($host = win.interstagebpm.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen       80;
    server_name  win.interstagebpm.com;
    return 404; # managed by Certbot


Open in new window

Watch Question
This problem has been solved!
Unlock 1 Answer and 27 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant

An Experts Exchange subscription includes unlimited access to online courses.

Get Started
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE