Mod_pagespeed rewrites over HTTP instead of HTTPS

I have a Bitnami LAMP stack on AWS and keep getting errors because mod_pagespeed rewrites scripts and stylesheets over HTTP.

Original: https://www.mydomain.com/static/protoaculous.1.8.3.min.js
Rewrite: http://www.mydomain.com//static/protoaculous.1.8.3.min.js.pagespeed.jm.BrmyICWQcE.js/

I have modified pagespeed.conf and updated the following:

From: ModPagespeedSslCertDirectory “/opt/bitnami/common/openssl/certs”
To: ModPagespeedSslCertDirectory “/opt/bitnami/apache2/conf”

I have SSL certificates from Letsencrypt which are installed in the above directory.

I added the following settings:
ModPagespeedMapOriginDomain “http://www.mydomain.com” “https://www.mydomain.com
ModPagespeedLoadFromFile “https://www.mydomain.com/static/” “/home/bitnami/htdocs/static/”

In the bitnami.conf file I have added the HTTP to HTTPS redirection:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

I am wondering if I am missing out on something.

Thanks,

Giorgio

Here is my complete pagespeed.conf configuration:

<IfModule !mod_version.c>
    LoadModule version_module /opt/bitnami/apache2/modules/mod_version.so
</IfModule>
<IfVersion < 2.4>
    LoadModule pagespeed_module /opt/bitnami/apache2/modules/mod_pagespeed.so
</IfVersion>
<IfVersion >= 2.4.2>
    <IfModule !access_compat_module>
        LoadModule access_compat_module /opt/bitnami/apache2/modules/mod_access_compat.so
    </IfModule>
    LoadModule pagespeed_module /opt/bitnami/apache2/modules/mod_pagespeed_ap24.so
</IfVersion>
<IfModule !mod_deflate.c>
    LoadModule deflate_module /opt/bitnami/apache2/modules/mod_deflate.so
</IfModule>
<IfModule pagespeed_module>
    ModPagespeed on

    AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html

    ModPagespeedFileCachePath "/opt/bitnami/apache2/var/cache/mod_pagespeed/"
    ModPagespeedLogDir "/opt/bitnami/apache2/logs/pagespeed_log"
    ModPagespeedSslCertDirectory "/opt/bitnami/apache2/conf"

    ModPagespeedDomain https://www.mydomain.com

    ModPagespeedMapOriginDomain "http://localhost" "https://www.mydomain.com"

    ModPagespeedLoadFromFile "https://www.mydomain.com/static/" "/home/bitnami/htdocs/static/"

    ModPagespeedEnableFilters inline_images,combine_css,combine_javascript,rewrite_javascript,rewrite_css,inline_css

    <Location /pagespeed_admin>
        Order allow,deny
        Allow from localhost
        Allow from 127.0.0.1
        SetHandler pagespeed_admin
    </Location>
    <Location /pagespeed_global_admin>
        Order allow,deny
        Allow from localhost
        Allow from 127.0.0.1
        SetHandler pagespeed_global_admin
    </Location>

    ModPagespeedStatisticsLogging on

    ModPagespeedMessageBufferSize 100000
</IfModule>

The only thing that notably works is switching the module on and off. Anything else seems to be ignored.

Hi @visualsense,

Thank you for the information. We have a Support Tool that will gather relevant information for us to review all the configuration files. Could you please download and execute it on the machine where the stack is running by following the steps described in the guide below?

How to Run the Bitnami Support Tool

Please note that you need to paste the code outputted by the tool in your reply.

d0f6af45-4bf7-8d12-bc71-2e6629bd7951

Hi @visualsense,

Our team will review your configuration and will update this thread as soon as possible.

Thanks

1 Like

Hi @visualsense, from the bundle you sent us we cannot find any of the following configuration:

    ModPagespeedSslCertDirectory "/opt/bitnami/apache2/conf"

    ModPagespeedDomain https://www.mydomain.com

    ModPagespeedMapOriginDomain "http://localhost" "https://www.mydomain.com"

Are you sure you modified the pagespeed.conf file in /opt/bitnami/apache2/conf? If so, please send us the bundle again from the server where you’re finding the issues.

Hi,

Yes 100%. Of course, mydomain.com is not the actual domain but a substitution I used for this forum, but you most probably know that already.

Here is a copy of /opt/bitnami/apache2/conf/pagespeed.conf:

<IfModule !mod_version.c>
    LoadModule version_module /opt/bitnami/apache2/modules/mod_version.so
</IfModule>
<IfVersion < 2.4>
    LoadModule pagespeed_module /opt/bitnami/apache2/modules/mod_pagespeed.so
</IfVersion>
<IfVersion >= 2.4.2>
    <IfModule !access_compat_module>
        LoadModule access_compat_module /opt/bitnami/apache2/modules/mod_access_compat.so
    </IfModule>
    LoadModule pagespeed_module /opt/bitnami/apache2/modules/mod_pagespeed_ap24.so
</IfVersion>
<IfModule !mod_deflate.c>
    LoadModule deflate_module /opt/bitnami/apache2/modules/mod_deflate.so
</IfModule>
<IfModule pagespeed_module>
    ModPagespeed off

    AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html

    ModPagespeedFileCachePath "/opt/bitnami/apache2/var/cache/mod_pagespeed/"
    ModPagespeedLogDir "/opt/bitnami/apache2/logs/pagespeed_log"
    ModPagespeedSslCertDirectory "/opt/bitnami/apache2/conf"

    ModPagespeedDomain https://www.mydomain.com

    ModPagespeedMapOriginDomain "http://localhost" "https://www.mydomain.com"

    ModPagespeedLoadFromFile "https://www.mydomain.com/static/" "/home/bitnami/htdocs/static/"

    ModPagespeedEnableFilters inline_images,combine_css,combine_javascript,rewrite_javascript,rewrite_css,inline_css

    <Location /pagespeed_admin>
        Order allow,deny
        Allow from localhost
        Allow from 127.0.0.1
        SetHandler pagespeed_admin
    </Location>
    <Location /pagespeed_global_admin>
        Order allow,deny
        Allow from localhost
        Allow from 127.0.0.1
        SetHandler pagespeed_global_admin
    </Location>

    ModPagespeedStatisticsLogging on

    ModPagespeedMessageBufferSize 100000
</IfModule>

Do you still need me to send the bundle again?

Yes, please send us the bundle again, as it seems previous one that we received may not match the configuration for the one you mentioned.

We’re looking for any misconfiguration, which is why we’re interested in getting the whole picture.

Thanks!

Here you go: 2440f4a3-7a39-7805-6585-41226af617ef

Hi @visualsense, we were able to get it working without issues.

We needed to change a few parameters in the configuration you posted above though:

ModPagespeed on
ModPagespeedSslCertDirectory /opt/bitnami/common/openssl/certs

With that, we could access images with URL //mydomain.com/img/image.png, img/image.png both on HTTP and HTTPS, and future requests would be cached by Pagespeed.
If the image URL is https://mydomain.com/img/image.png, it is also properly accessed on HTTPS.

NOTE: If that does not work, you could try adding “ModPagespeedFetchHttps enable”. If your certificate is self-signed, try “ModPagespeedFetchHttps enable,allow_self_signed” instead.

Hi,

Tried all the solutions, but still getting these errors:

Mixed Content: The page at ‘https://www.mydomain.com/’ was loaded over HTTPS, but requested an insecure stylesheet ‘http://www.mydomain.com//static/A.screen.css.pagespeed.cf.9kAv7ntdRQ.css/’. This request has been blocked; the content must be served over HTTPS.

I have turned ModPagespeed off again.

By the way, this directory /opt/bitnami/common/openssl/certs contains only one file which is curl-ca-bundle.crt. I use Letsencrypt to secure my site.

Sorry for my last reply. I confused this topic with another one. I’ll take a look into your issue shortly.

Hi @visualsense, using your configuration we’re unable to reproduce your issue. We see this error:

Mixed Content: The page at ‘https://www.mydomain.com/’ was loaded over HTTPS, but requested an insecure stylesheet ‘http://www.mydomain.com//static/A.screen.css.pagespeed.cf.9kAv7ntdRQ.css/’. This request has been blocked; the content must be served over HTTPS.

Why is it trying to load mydomain.com//static/A.screen.css.pagespeed.cf.9kAv7ntdRQ.css instead of mydomain.com/static/A.screen.css.pagespeed.cf.9kAv7ntdRQ.css (notice the extra “/”)? Could it be possible the stylesheet’s “href” is wrong?

If not, could you check your Pagespeed version? In order to do this enable Pagespeed on your server and then run the command below:

curl -H "User-Agent: Mozilla/5" -I http://mydomain.com

You should see something like this:

X-Mod-Pagespeed: 1.13.35.2-0

Checked the stylesheet URL and it is correct:

<link rel="stylesheet" type="text/css" href="https://www.mydomain.com/static/screen.css" />

And this is my response to the curl:

curl -H "User-Agent: Mozilla/5" -I http://www.mydomain.com/

HTTP/1.1 302 Found
Date: Thu, 24 Jan 2019 22:10:13 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Location: https://www.mydomain/
Content-Type: text/html; charset=iso-8859-1

And with HTTPS:

curl -H "User-Agent: Mozilla/5" -I https://www.mydomain.com/

HTTP/1.1 200 OK
Date: Thu, 24 Jan 2019 22:12:30 GMT
Server: Apache
X-Powered-By: PHP/7.1.24
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=ifasn6095v011rhmmso3bvdt5f; path=/
X-Frame-Options: SAMEORIGIN
Cache-Control: max-age=0, no-cache
Content-Type: text/html; charset=UTF-8

I don’t see X-Mod-Pagespeed but I can assure it is turned on with restarting Apache. I have checked the code and other elements work. Just four errors not rewriting to https:// making my HTTPS fail.

When loading my site, it fails. You can see the stylesheet and javascript files are not loaded, and console throws the errors. Strange enough, when loading the source code, as follows, it rewrites correctly.

view-source:https://www.mydomain.com/

HOWEVER, the URLS of the rewritten styles and scripts are not accessible:

https://www.mydomain.com/static/A.screen.css.pagespeed.cf.9kAv7ntdRQ.css

Redirects yo my 404 URL.

Could this possibly be a file permission problem?

After a little bit more research I found path misconfiguration in my pagespeed.conf.

I mistyped the path which should have been:

ModPagespeedLoadFromFile "https://www.mydomain.com/static/" "/home/bitnami/**apache2/**htdocs/static/"

And it still throws one error:

Mixed Content: The page at ‘https://www.mydomain.com/’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://www.mydomain.com//mod_pagespeed_beacon/?url=https%3A%2F%2Fwww.mydomain.com%2F’. This request has been blocked; the content must be served over HTTPS.

Hi @visualsense, unfortunately we’re still unable to reproduce this issue on our side, Pagespeed works properly for us.

In any case, there are two things that occur to me could be happening. Could you try enabling Pagespeed and check both?

If it’s not any of those, unfortunately we have little idea what is happening on your side as we don’t have any scenario where we can reproduce your issue.

1. Your requests include a X-Forwarded-Proto header

In this case, you should check this link: https://www.modpagespeed.com/doc/https_support#RespectXForwardedProto

In this case you may need to add the following directive to your Pagespeed configuration file:

ModPagespeedRespectXForwardedProto on

2. The Pagespeed cache is outdated and is not getting flushed

In that case, run the following commands:

rm -rf /opt/bitnami/apache2/var/cache/mod_pagespeed/*
sudo /opt/bitnami/ctlscript.sh restart apache
1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.