[SOLVED] Problem HTTPS (Mixed Content)

[gianfelicevincenzo]

Hi. My configuration of configuration.js:

// default authentication configuration, never fill it in case the webui is hosted in public IP as it can be compromised
    host: location.protocol.startsWith("http") ? location.hostname : "localhost",
    path: "/jsonrpc",
    port: 6800,
    encrypt: true,
    auth: {
      // either add the token field or the user and pass field, not both.
       token: 'MYTOKEN'
      /*-----------------------------*/
      // user: '*YOUR_USERNAME*',
      // pass: '*YOUR_SECRET_PASS*'
    },

Configuration of apache (site aria2.conf):

<VirtualHost *:443>
   ServerName aria.home.io
   DocumentRoot /var/www/html/webui-aria2/docs
   
   ProxyPass /jsonrpc wss://127.0.0.1:6800/jsonrpc
   ProxyPassReverse /jsonrpc wss://127.0.0.1:6800/jsonrpc
</VirtualHost>

Messages of firefox:

Why does the "Mixed Content" message always appear if everything has been set to a secure connection?

[no1xsyzy]

IIRC configuration.js is not working, resulting that Web-UI is falling back to http://<samehost>:6800, which is unsafe mixed content.
BTW if I guessed correctly, you should ProxyPass to ws://127.0.0.1:6800/json, for you shouldn't create a certificate for 127.0.0.1.

[gianfelicevincenzo]

So, the problem is with webui-aria2? If so, how can this be resolved?

[no1xsyzy]

For now, only #417 way works nobly.
If you want to dig a little bit, #473 (comment) will also be helpful.

[gianfelicevincenzo]

Thanks...but I noticed that this problem has been around for a long time ... why hasn't it "been solved" yet?

[no1xsyzy]

This project was switched to modern build system, but no one was familiar with that. The building system requires developer to have the entire node environment, which deactivates potential developers even more.
I am sticking to version before that happens.

[gianfelicevincenzo]

@no1xsyzy I finally solved it! But I had to edit the app.js file like this (on the following lines):

Before:

170 .constant("$authconf", {
172 host: location.protocol.startsWith("http") ? location.hostname : "localhost",
173 path: "/jsonrpc",
174 port: 6800,
175 encrypt: !1,
176 auth: {},
177 directURL: ""
178 })
....
....
320 u.push(
321 { host: r.host(), path: "/jsonrpc", port: 6800, encrypt: !1 },
....
....

After:

170 .constant("$authconf", {
172 host: location.protocol.startsWith("http") ? location.hostname : "localhost",
173 path: "/jsonrpc",
174 port: 443,
175 encrypt: true,
176 auth: {},
177 directURL: ""
178 })
....
....
320 u.push(
321 { host: r.host(), path: "/jsonrpc", port: 443, encrypt: true },
....
....

Now could you tell me (unfortunately I'm not javascript expert :) ) if something is missing or is it a correct modification? (Obviously the static parameters are the ones I set as they reflect my needs)

[no1xsyzy]

If it works, it is correct.

BTW to mark it solved, you are suggest to "close" it instead of change the title. Conversation can continue after closed, as long as collaborators didn't "lock" it, which usually doesn't happen here since owner and collaborators are not so active and there is no bot locker.

[gianfelicevincenzo]

Sorry, you are right :). More than anything else I was waiting for a "definitive" answer to be able to close the issue