No HTTPS URLs in the Shopware 6.6 administration

With the major update to Shopware 6.6, the underlying PHP framework Symfony was updated to version 7. This upgrade to Symfony 7 removed some default configurations.



Error message

The Shopware 6.6 administration does not load and displays the following error messages in the developer console:

Mixed Content: The page at 'https://s25741.creoline.cloud/admin#/login/' was loaded over HTTPS,
but requested an insecure stylesheet
'http://s25741.creoline.cloud/bundles/administration/static/css/app.css?1717772049'.
This request has been blocked; the content must be served over HTTPS.


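The problem arises because Shopware has no information that the request was forwarded by a trusted load balancer. Without a trusted proxy configured, the X-Forwarded-Proto header is ignored and the administration assets are generated with http:// URLs.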



Solution

In Shopware 6.6, an additional framework.yaml must be configured that restores the original TRUSTED_PROXIES configuration.


# config/packages/framework.yaml

framework:
    trusted_proxies: '%env(TRUSTED_PROXIES)%'


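The TRUSTED_PROXIES configuration can then be set up in .env.local. List only the addresses or networks of your own load balancers, because forwarded headers from every listed address are trusted.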

# .env.local

TRUSTED_PROXIES=127.0.0.1,10.20.0.0/24


Also make sure that the X-Forwarded-Proto header is sent to the app server by the load balancer.


Example HAProxy

# /etc/haproxy/haproxy.cfg

backend shopware
   mode http
   # [...]

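   # set-header replaces any X-Forwarded-Proto value supplied by the client
   # req.scheme is a user-defined variable that must be set elsewhere in the configuration
   http-request set-header X-Forwarded-Proto %[var(req.scheme)]
   # Necessary for HTTPS URL generation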

By specifying the dynamic variable %[var(req.scheme)], the scheme of the original request to the HAProxy instance is passed on, so the transmitted X-Forwarded-Proto header corresponds to the scheme the client actually used.


Example NGINX

# /etc/nginx/conf.d/shopware.conf

location / {
   proxy_pass http://10.20.X.X:80;
   # [...]

   proxy_set_header X-Forwarded-Proto $scheme;
}

By specifying the dynamic variable $scheme, the scheme of the original request to the NGINX instance is passed on, so the transmitted X-Forwarded-Proto header corresponds to the scheme the client actually used.
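
Why both the TRUSTED_PROXIES entry and the X-Forwarded-Proto header are needed, as an added example (a simplified model, not Symfony or Shopware code). The function names are hypothetical, the peer addresses are constructed sample values, and only the value "https" is treated as secure.

```python
"""Simplified model of scheme detection behind a reverse proxy."""
import ipaddress

# Value from the article's .env.local
TRUSTED_PROXIES = "127.0.0.1,10.20.0.0/24"


def parse_trusted(spec):
    """Turn a comma-separated list of IPs/CIDRs into network objects."""
    return [ipaddress.ip_network(part.strip(), strict=False)
            for part in spec.split(",") if part.strip()]


def is_trusted(remote_addr, trusted):
    """True if the direct TCP peer (REMOTE_ADDR) is a configured proxy."""
    addr = ipaddress.ip_address(remote_addr)
    return any(addr in net for net in trusted)


def effective_scheme(remote_addr, headers, trusted):
    """Scheme used for generated URLs on a backend reached over plain HTTP.

    X-Forwarded-Proto is honoured only when the peer is a trusted proxy;
    from any other peer it is ignored, so a client cannot set it itself.
    """
    proto = headers.get("X-Forwarded-Proto", "").strip().lower()
    if is_trusted(remote_addr, trusted) and proto == "https":
        return "https"
    return "http"


if __name__ == "__main__":
    hdr = {"X-Forwarded-Proto": "https"}
    cases = [
        # (description, peer address, headers, trusted_proxies value)
        ("no trusted_proxies (6.6 default)", "10.20.0.5", hdr, ""),
        ("load balancer in trusted range", "10.20.0.5", hdr, TRUSTED_PROXIES),
        ("untrusted peer sends the header", "203.0.113.9", hdr, TRUSTED_PROXIES),
        ("trusted proxy omits the header", "10.20.0.5", {}, TRUSTED_PROXIES),
    ]
    for name, peer, headers, spec in cases:
        scheme = effective_scheme(peer, headers, parse_trusted(spec))
        print(f"{name:34} -> {scheme}://")
```

The first case reproduces the mixed-content error from the article: the header arrives, but with no trusted proxy configured it is ignored and http:// URLs are generated.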


