Mixed content warning over https

The docker installation over image octobercms/october-dev:latest seems to be only optimized for http. I have a webserver proxy setup to make the redirect from internal http port 80 to 443.

The main page is loaded but the loading of other sources is failing because of CSP.

Below are the error messages in the browsers console.

Error messages

octobercms.domain.tld/:1 Mixed Content: The page at 'https://octobercms.domain.tld/' was loaded over HTTPS, but requested an insecure element 'http://octobercms.domain.tld/themes/getting-started/assets/images/october-logo.svg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

octobercms.domain.tld/:10 Mixed Content: The page at 'https://octobercms.domain.tld/' was loaded over HTTPS, but requested an insecure stylesheet 'http://octobercms.domain.tld/combine/4cf812baa34ee46b6641346ff653084c-1705309314'. This request has been blocked; the content must be served over HTTPS.

octobercms.domain.tld/:1 Mixed Content: The page at 'https://octobercms.domain.tld/' was loaded over HTTPS, but requested an insecure script 'http://octobercms.domain.tld/themes/getting-started/assets/javascript/index.js'. This request has been blocked; the content must be served over HTTPS.

octobercms.domain.tld/:1 Mixed Content: The page at 'https://octobercms.domain.tld/' was loaded over HTTPS, but requested an insecure element 'http://octobercms.domain.tld/themes/getting-started/assets/images/october-logo.svg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

octobercms.domain.tld/:1 Mixed Content: The page at 'https://octobercms.domain.tld/' was loaded over HTTPS, but requested an insecure favicon 'http://octobercms.domain.tld/themes/getting-started/assets/images/october.png'. This request has been blocked; the content must be served over HTTPS.

Solutions

I tried different solutions:

• .htaccess - uncomment line to force HTTPS (error with too many redirects)
• set OCTOBER_CMS_LINK_POLICY to ‘secure’
• set LINK_POLICY to ‘secure’
• set OCTOBER_APP_URL to ‘https://octobercms.domain.tld’
• set APP_URL to ‘https://octobercms.domain.tld’

No luck so far.

Question
Do I need to install an october plugin, is the setup of Apache2 incorrect or is there another way?

I could fix it by manually editing it in the php files.

config/app.php
‘url’ => ‘https://octobercms.domain.tld’,

config/system.php
‘link_policy’ => ‘force’,

Like it is described in Web Server Configuration - October CMS - 3.x