From 95c63e1ee0d8ac5437253e84f0af8f047c57f1d9 Mon Sep 17 00:00:00 2001 From: Oier Bravo Urtasun Date: Tue, 9 Jun 2026 02:53:35 +0200 Subject: [PATCH] fix(drasl): use https BaseURL to match TLS ingress MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Public scheme is HTTPS (host nginx terminates TLS in front of caddy). Drasl builds absolute URLs — texture URLs and the authlib-injector API location — from BaseURL, so an http:// value caused mixed-content blocking and broken login on the https origin. Point BaseURL at https://auth.${BASE_DOMAIN}. Co-Authored-By: Claude Opus 4.8 (1M context) --- drasl/config/config.toml.tmpl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drasl/config/config.toml.tmpl b/drasl/config/config.toml.tmpl index 725937f..d782d56 100644 --- a/drasl/config/config.toml.tmpl +++ b/drasl/config/config.toml.tmpl @@ -3,7 +3,10 @@ # -> drasl/config/config.toml (gitignored). Only ${BASE_DOMAIN} is substituted. # Reached only via Caddy at auth.${BASE_DOMAIN}; drasl has no published host port. -BaseURL = "http://auth.${BASE_DOMAIN}" +# Public scheme is HTTPS — the host nginx terminates TLS in front of caddy. +# Drasl builds absolute URLs (textures, authlib-injector API location) from this; +# an http:// value triggers mixed-content + broken login on the https origin. +BaseURL = "https://auth.${BASE_DOMAIN}" Domain = "auth.${BASE_DOMAIN}" ListenAddress = "0.0.0.0:25585" # internal; Caddy reverse-proxies to it DefaultAdminUsernames = ["admin"]