Mixed content warnings, anyone?

One of the things I thought I had done successfully was get the forum (and, indeed, every bigdinosaur.org site) to be all HTTPS, all the time. This was done by throwing HAProxy in front of everything on the web server as an SSL-terminating reverse proxy—in other words, using HAProxy to listen to all incoming connections, find any that were HTTP, redirect them to HTTPS, do the SSL/TLS encryption with the end user’s web browser, and then pass on the unencrypted payload to the actual web server. I’m also setting an HSTS header on everything, which is a method of telling web browsers that bigdinosaur.org enforces strict HTTPS on everything and to only use HTTPS for this domain, period, full stop.

However, on and off over the last couple of days, I’ve seen some weird elusive mixed content warnings in Firefox when I’m browsing. I can’t quite figure out exactly what assets the warnings might be referring to, so please, if you guys happen to see an a mixed content warning at any point when browsing the forums, see if you can pull up your web dev console (in Chrome, it’d be View > Developer > Developer Tools, for example) and check to see if you can catch the image or script or whatever is causing the issue.

Thanks!!

Here’s what I have.

     WARNING: DEPRECATION: `Discourse.PageTracker` is deprecated, import the module.
    _vendor-5939aced2df07b0bcc1c101662121c68.js:384 DEBUG: For more advanced debugging, install the Ember Inspector from https://chrome.google.com/webstore/detail/ember-inspector/bmdblncegkenkacieihfhpjfppoconhi
    https://discourse.bigdinosaur.org/message-bus/03cc317b08bd41deb13f38e02b1019b9/poll?dlp=t Failed to load resource: the server responded with a status of 502 (Bad Gateway)
    https://discourse.bigdinosaur.org/topics/timings Failed to load resource: the server responded with a status of 502 (Bad Gateway)
    _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:25955 Error: Bad Gateway
        at s (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:25932)
        at Object.e.default.trigger (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:44337)
        at h._onerror (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:45351)
        at f (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:43582)
        at _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:25918
        at r.invoke (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:885)
        at Object.r.flush (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:950)
        at Object.n.flush (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:755)
        at Object.a.end (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:180)
        at Object.a.run (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:235)s @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:25955
    _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:5 POST https://discourse.bigdinosaur.org/topics/timings 502 (Bad Gateway)Y.cors.e.crossDomain.send @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:5Z.extend.ajax @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:5o @ _application-ddac25ed3794a39c327817f6c20919d4.js:102_ @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:43707h @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:45335Discourse.Ajax.Em.Mixin.create.ajax @ _application-ddac25ed3794a39c327817f6c20919d4.js:118Ember.Object.extend.flush @ _application-ddac25ed3794a39c327817f6c20919d4.js:12511Ember.Object.extend.tick @ _application-ddac25ed3794a39c327817f6c20919d4.js:12588(anonymous function) @ _application-ddac25ed3794a39c327817f6c20919d4.js:12418
    _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:25955 Error: Bad Gateway
        at s (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:25932)
        at Object.e.default.trigger (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:44337)
        at h._onerror (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:45351)
        at f (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:43582)
        at _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:25918
        at r.invoke (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:885)
        at Object.r.flush (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:950)
        at Object.n.flush (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:755)
        at Object.a.end (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:180)
        at Object.a.run (_ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:235)s @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:25955e.default.trigger @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:44337h._onerror @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:45351f @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:43582(anonymous function) @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:25918r.invoke @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:885r.flush @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:950n.flush @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:755a.end @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:180a.run @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:235u @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:15083a.error @ _application-ddac25ed3794a39c327817f6c20919d4.js:82c @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:3h.fireWith @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:3r @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:5(anonymous function) @ _ember_jquery-c510009d3d7cecdf3f948f54d4922d9a.js:5

(edit - added code tags)

Not worried about the Discourse.PageTracker bit—that’s something the discourse guys are doing that they’ll eventually fix. The 502 Gateway errors are a little more concerning. I’ll see if I can find out wtf is going on there…

edit - Not seeing the poll or timings 502 errors, either—they look like they’re running. You can toggle over to the “Network” tab in the chrome dev console to watch all the different page elements load, and I’m seeing the poll & timing elements complete with an OK 200. Funky.