Error loading some JavaScript due to insecure HTTP script URL


My new Indico deployment appears to be working properly overall except for some JavaScript loading errors I see on the event viewer page like this:

MathJax.js:833 Mixed Content: The page at ‘’ was loaded over HTTPS, but requested an insecure script ‘’. This request has been blocked; the content must be served over HTTPS.

The event viewer is still functional and the page loads fine otherwise. I only noticed this because Indico popped up some warnings in the bottom of the screen about it and then I checked the browser error console.


My Indico server is running behind an NGINX reverse proxy following the pattern in the GitHub - indico/indico-containers: Containerization of Indico repo. Both the Indico server and this NGINX container (plus a Celery container) run in a Kubernetes Pod. Ingress routing and TLS certificates are handled by Traefik.

My NGINX reverse proxy config is copied below, and here are my Service and Ingress configs.

server {
  listen 8080;
  listen [::]:8080;

  access_log /var/log/nginx/access.log combined;
  access_log /dev/stdout combined;
  error_log  /var/log/nginx/error.log info;
  error_log  stderr info;

  root       /var/empty;

  sendfile on;

  # Serve static files
  location ~ ^/(images|fonts)(.*)/(.+?)(__v[0-9a-f]+)?\.([^.]+)$ {
    alias /opt/indico/static/$1$2/$3.$5;

  location ~ ^/(css|dist|images|fonts)/(.*)$ {
    alias /opt/indico/static/$1/$2;

  location / {
    proxy_pass http://indico-web:59999;
    proxy_set_header Host $server_name;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    client_max_body_size 1G;


My indico.conf is copied below:

DEBUG = False
SECRET_KEY = "*************"
SQLALCHEMY_DATABASE_URI = "postgresql://************"
REDIS_CACHE_URL = "redis://indico-redis-master:6379/0"
SMTP_SERVER = ("************", 25)
SUPPORT_EMAIL = "**********"
NO_REPLY_EMAIL = "*************"
DEFAULT_TIMEZONE = "America/Chicago"
CELERY_BROKER = "redis://indico-redis-master:6379/1"
STORAGE_BACKENDS = "{'default': 'fs:/opt/indico/archive'}"
PLUGINS = {'previewer_code', 'vc_zoom', 'payment_manual'}
# Authentication

When I try to change the BASE_URL to use https instead of http I receive Indico errors that I am using an invalid URL, even though the URL in the browser matches the URL that Indico says is the valid URL in the error message.

Any help would be appreciated.

You need to fix BASE_URL to use https. If this causes errors it seems like indico thinks it’s accessed via HTTP instead - try replacing $scheme with a hardcoded https, especially if you are nesting proxies/loadbalancers in front of it.

1 Like

It works now, thanks! That was literally the only permutation I had not tried :laughing:

Note that with nested LBs you need to make sure that only the first one which sees the real user’s IP adds X-Forwarded-For - we currently do not support taking the n-th trusted IP from XFF so none of the inner LBs may add to that header.

Otherwise Indico won’t see the real IP of the user which is a problem e.g. with the login rate limiter.