Cannot Access Akaunting Via HTTPS

Dear Akaunting Team and Users,

I have installed Akaunting 1.1.9 on CentOS 7.4-1708, Apache 2.4.6, PHP 7.1.11, MariaDB 5.5.56, and SELinux Enforcing  (Tested with SELinux set to Permissive also).  This installation is behind an Apache Reverse Proxy server.  When accessing locally and over the Internet using HTTP via the proxy server, all pages show properly and works flawlessly so far as tested.  However, when using HTTPS via the proxy server, the site seems to loose all CSS formatting although the site itself is accessible.  Have you guys experienced this yet?  I have not found a fix myself yet.

Interestingly enough, after logging out via HTTPS, I cannot login.  However, while already logged in via HTTP and switching to HTTPS while still actively logged in, I am able to navigate the unformatted pages.

UPDATED:  I have installed HTTPS locally on the Akaunting server.  Accessing via HTTPS on the local network all pages show properly and works flawlessly so far as tested.  I think the issue may be with passing the images through the proxy.

RESULTS:

HTTP on local network:  WORKS

HTTPS on local network:  WORKS

HTTP via proxy over Internet:  WORKS

HTTPS via proxy over Internet:  DOES NOT WORK

Havent test your kind of network installation through proxy, but... I remember having a proxy for users and used to have problems with my NAT and proxy configuration.  I had to mangle traffic to solve it, was a mikrotik router.  Sorry not too be helpfull...

Thanks for your reply Sebastian.  I do have many other web applications using this exact setup successfully.  The odd thing to me is that it passes images using HTTP but not HTTPS.  So it works, just not over a secure channel.

Hi, Calvin.
You need to tell laravel that it's installed behind proxy. Fortunately there is plugin for this task you can use called fideloper/proxy.

You may want to support me to ask the developer of akaunting to include this plugin on this issue https://github.com/akaunting/akaunting/issues/190

Hi Dhimas:

My initial notes above reflect the configuration of my environment.  I am using an Apache Reverse Proxy server.  Since my last post, I have at least identified what I think is the issue.  "Mixed Content".  Browsers are limiting the Akaunting web application over HTTPS by blocking loaded mixed active content.  Here's an excerpt from Mozilla (Firefox):

When a user visits a page served over HTTPS, their connection with the web server is encrypted with TLS and is therefore safeguarded from most sniffers and man-in-the-middle attacks. An HTTPS page that includes content fetched using cleartext HTTP is called a mixed content page. Pages like this are only partially encrypted, leaving the unencrypted content accessible to sniffers and man-in-the-middle attackers. That leaves the pages unsafe.

Starting with Firefox 23, Firefox blocks active mixed content by default. This follows a practice adopted by Internet Explorer (since version 9) and Chrome.

https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content?utm_source=mozilla&utm_medium=firefox-console-errors&utm_campaign=default

https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content/How_to_fix_website_with_mixed_content

I have been focusing my efforts on a correct vhost configuration using Apache Reverse Proxy.  I have not tested the fideloper/proxy you mentioned in your post.  I've started studying it but no implementation yet. 

I am working a similar issue with another web application and hoping my efforts will get them both operating via the proxy correctly.  I have made great progress with the other app and hope to transfer my lessons learned to Akaunting.  I have to admit, I've having a tough time.  :-(  Hoping the Akaunting dev team or fellow user may have some insight.

Hey guys,

Thanks for all your inputs.

I've not tested Akaunting on server with proxy but the fideloper/proxy package seems to resolve the issue so will add to the next release.

Regards

Denis,

With great anticipation and appreciation..... Thank you!

Hi again Dhimas:

Do you have a reference that you can point me to as to the how of implementing fideloper/proxy? 

Thank you, Calvin.

Calvin, it comes in 1.1.10 version https://github.com/akaunting/akaunting/issues/190

Thanks Denis.  I upgraded to 1.1.10 a few hours ago but saw no change.  I will change my Apache Reverse Proxy vHost configuration and make another attempt.  Are there any adjustments I need to make at the application layer?  ...which prompted my earlier request to Dhimas.

=== UPDATE ===

Modified vHost file.  No change.  Testing with Firefox, Chrome and Chromium on CentOS7 desktop.

Denis, by chance, have you been able to configure and test with a similar environment?  I know it's a bit much to ask, just curious.