Login error: "This connection is not secure. Logins entered here could be compromised"

[gittbuh]

Hi all,

I just installed firefly-iii following a tutorial mentionned in the official documentation (selfhosted server using ubuntu 20.04), see here https://docs.firefly-iii.org/firefly-iii/installation/self_hosted/ and here https://gist.github.com/Engr-AllanG/34e77a08e1482284763fff429cdd92fa. The thing is running in a lxc container/ubuntu 20.04 inside proxmox.

Everything seemed to go well. I saw no errors during installation. I can log into my local instance at the local ip address normally. I have used pfsense to create a letsencrypt certificate and haproxy to redirect port 80 to port 443/https to be able to access securely from the outside through a subdomain, as I usually do with many other services. I can see the login page but when I try to input the password I get the error message "This connection is not secure. Logins entered here could be compromised". However, the browser url is https with a valid letsencrypt certificate. If I click sign in anyway, nothing happens. It does not seem possible. I tried several browsers, same problem every time.

I have read the FAQ and searched the forum but have not found anything like this o similar.

Any tips on what the problem could be would be really appreciated.

Thanks.

[JC5]

Set TRUSTED_PROXIES to **, should do the trick.

[gittbuh]

Thanks a lot for the answer. I had already done that. Unfortunately, it does not make any difference, problem persists. Something else I could try? Or somewhere else I could look?

[JC5]

The problem is the reverse proxy doesn't pass the right headers. Firefly III doesn't know it's behind a secure endpoint. I'm not sure how to fix it in your specific case.

[gittbuh]

Just for info, I think I fixed it :) I can login normally now and everything seems to work. This is what I did: I edited haproxy frontend, and under "advanced settings", I checked the box "Use "forwardfor" option". Haproxy says that: "The "forwardfor" option creates an HTTP "X-Forwarded-For" header which contains the client's IP address. This is useful to let the final web server know what the client address was. (eg for statistics on domains)". Cheers.

[gittbuh]

Hi again,

Could you please tell me what exactly are those "right headers" my reverse proxy is not passing? Is this maybe metionned somewhere in the documentation? I am working on my reserve proxy and would like to know exactly what I should be telling it to do so that firefly works properly. Thanks!

[JC5]

If you're using nginx

                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;