Hey there!
I'm running the latest version of Bookstack alongside Traefik on my Docker setup (w/ Portainer) on Ubuntu 22.04. Using MySQL DB image as well. I've setup Bookstack to normally be accessible under docs.domain.tld with SSL, and am generally able to access the App, UIs, etc without too many issues. I currently have it behind a httpauth middleware too. I've also declared the URL in APP_URL
environmental variable.
The Problem: When in Bookstack, the WYSIWYG editor does not work (see screenshot) when accessing it over the HTTPS URL. However, if I revert to just directly accessing port 80 over http, the WYSIWYG it works. I see this error in my Console Log:
Refused to load the script 'https://docs.domain.tld/cdn-cgi/apps/head/6wJhVBB4ypyU1RY0Ji8OcqnjF-w.js' because it violates the following Content Security Policy directive: "script-src http: https: 'nonce-e5cowZZvujbA5XnKFlKasp1B' 'strict-dynamic'". Note that 'strict-dynamic' is present, so host-based allowlisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
edit:1 Refused to load the script 'https://docs.domain.tld/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js' because it violates the following Content Security Policy directive: "script-src http: https: 'nonce-e5cowZZvujbA5XnKFlKasp1B' 'strict-dynamic'". Note that 'strict-dynamic' is present, so host-based allowlisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
I suspect this is something with how I've setup my Traefik Labels for this container, and the SSL / HTTPS implementation I currently have; here are my Labels:
traefik.http.services.docs.loadbalancer.server.port
- 80
traefik.http.routers.docs.tls.domains[0].main
- docs.domain.tld
traefik.http.routers.docs.tls.certresolver
- letsencrypt
traefik.http.routers.docs.tls
- true
traefik.http.routers.docs.rule
- Host(docs.domain.tld) || Host(www.docs.domain.tld)
traefik.http.routers.docs.entrypoints
- https
traefik.http.middlewares.docs.headers.customrequestheaders.X-Forwarded-Proto
- https
Any help or advice as to how to fix this would be strongly appreciated!
Thank you