Setup in nginx will lead to security warning in Google Chrome

Data Mastery asked:

For the past 2 days, our users have been getting the following warning when trying to log in to our service:

warning

English version:

The information you’re about to submit is not secure

Because this site is using a connection that’s not completely secure, your information will be visible to others.

Send anyway   Go back

This is the setup in nginx we use and which worked for the last 3 years without any issue. It still works, but on Chrome it produces the warning.

    location / {
        proxy_pass          http://shinyproxy:4000; ### service names taken from docker-compose

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 600s;

        proxy_redirect    off;
        proxy_set_header  Host             $http_host;
        proxy_set_header  X-Real-IP        $remote_addr;
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Protocol $scheme;
    }

    location /auth/ {
        proxy_pass          https://keycloak:8443; ### service names taken from docker-compose

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 600s;

        proxy_redirect    off;
        proxy_set_header  Host             $http_host;
        proxy_set_header  X-Real-IP        $remote_addr;
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;
    }

I found this thread:
https://bugs.chromium.org/p/chromium/issues/detail?id=1158169#c49

This seems to explain it. My knowledge of nginx is only quite basic, but can anyone suggest a workaround here?

My answer:


This warning is new in Chrome 86 and occurs when your web application tries to submit a form via HTTP rather than HTTPS. Check your web application’s HTML form and ensure that it posts to an HTTPS URL, not an HTTP URL.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.