I’ve recently set up the Pterodactyl Panel on my server using Docker. The panel works fine and I’m using SSL to serve it over HTTPS. However, I’m encountering a Mixed Content issue on my site.
When I visit the admin page (https://domain/admin/locations), the page loads over a secure connection, but it contains a form that targets an insecure endpoint: http://domain/admin/locations.
This is causing warnings in the browser about the page not being fully secure and some of the content being loaded over HTTP.
I’ve tried the following so far:
Configured SSL with certbot and Nginx for HTTPS. Checked the URL and changed HTTP endpoints to HTTPS in the configuration files. Ensured that server_name in the Nginx config points to the correct domain. But the issue persists with the form action still being http:// rather than https://.
here is config file
server {
# put ssl config here
listen 443 ssl;
# include snippets/server_name.ssl.conf;
server_name server_name;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header Connection "Upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Nginx-Proxy true;
proxy_set_header X-Forwarded-Proto $scheme;
# set serverip to 127.0.0.1 if you are only using one server.
proxy_pass http://server_name:802;
}
# listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/server_name/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/server_name/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Has anyone encountered a similar problem with the pterodactyl:latest image or can suggest how to resolve this issue? I would really appreciate any help or pointers on how to make sure all forms and endpoints use HTTPS securely.
PS: I changed my domain to a server_name.