auth.css served via http

[emsi]

I've setup self-hosted fief using provided docker-compose.yaml. My reverse proxy is providing SSL with Letsencrypt so I'm accessing fief via https (frankly it's odd that the production deployment documentation does does http by default).

When I try to load the login page the auth.css is retrieved via http rather than https which causes the page to fail.

Configuration

[frankie567]

Hi @emsi 👋

Since you're behind a proxy, its IP needs to be allowed on the Fief server so it trusts the X-Forwarded- headers (and generate links with the right scheme).

For this you'll need to set the FORWARDED_ALLOW_IPS environment variable. If you're sure the Fief server is reachable only via the proxy, you can set it to *.

[emsi]

Thank you.
It solves the issue, however it could be somehow communicated in the UI or appropriate information added to the "production deployment" documentation as production deployment should not be made over unsecured transport layer.

[frankie567]

I've added details about this in the docs: https://docs.fief.dev/self-hosting/deployment/ssl/