Reverse proxy http to https

Hello,
I am running HestiaCP on a VM, hosting about 10/15 subdomains/domains; it has the internal IP 192.168.1.250.
In HestiaCP I have configured the domain example.domain.com to reverse proxy to 192.168.1.252.

I have another VM, with the internal IP 192.168.1.252, running a little web server on port 1337, but only on HTTP, with no possible option to enable HTTPS or install SSL.

On the local network the web server works fine.
Externally it gets blocked:

Mixed Content: The page at ‘blob:https://example.domain.com’ was loaded over HTTPS, but requested an insecure resource ‘http://exammple.domain.com’. This request has been blocked; the content must be served over HTTPS.

I tried many reverse proxy templates I could find online, but none of them worked.

If anyone could help me, please… It's been almost 2 months that I've been searching, and I tried most of the things online, also with AI (ChatGPT, Copilot), but nothing works.

stpl template:

    server {
            listen      %ip%:%proxy_ssl_port% ssl;
            server_name %domain_idn% %alias_idn%;
            error_log   /var/log/%web_system%/domains/%domain%.error.log error;
    
            ssl_certificate     %ssl_pem%;
            ssl_certificate_key %ssl_key%;
            ssl_stapling        on;
            ssl_stapling_verify on;
    
            # TLS 1.3 0-RTT anti-replay
            if ($anti_replay = 307) { return 307 https://$host$request_uri; }
            if ($anti_replay = 425) { return 425; }
    
            include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
    
            location ~ /\.(?!well-known\/|file) {
                    deny all;
                    return 404;
            }
    
            location / {
                    proxy_pass https://192.168.1.252:1337;
    
            }
    
            location @fallback {
                    proxy_pass https://%ip%:%web_ssl_port%;
            }
    
            location /error/ {
                    alias %home%/%user%/web/%domain%/document_errors/;
            }
    
            proxy_hide_header Upgrade;
    
            include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
    }

tpl template:


    server {
            listen      %ip%:%proxy_port%;
            server_name %domain_idn% %alias_idn%;
            error_log   /var/log/%web_system%/domains/%domain%.error.log error;
    
            include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;
    
            location ~ /\.(?!well-known\/|file) {
                    deny all;
                    return 404;
            }
    
            location / {
                    proxy_pass https://192.168.1.252:1337;
    
    
            }
    
            location @fallback {
                    proxy_pass http://%ip%:%web_port%;
            }
    
            location /error/ {
                    alias %home%/%user%/web/%domain%/document_errors/;
            }
    
            include %home%/%user%/conf/web/%domain%/nginx.conf_*;
    }

Try on similar lines from this: Let's Encrypt SSL on specific port(s) & for docker ports

I have most of my git & a few separate port ones running on SSL & NGINX. It needs nocanon, it seems.
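For reference, an added example that is not part of either post and not HestiaCP's own template: a `location /` block for the HTTPS (.stpl) template in which nginx terminates TLS and talks plain HTTP to the backend described in the question. The backend address and port come from the post; the header set and the `Content-Security-Policy` line are assumptions about what the backend application needs.

```nginx
# Added example, not from the thread. Goes inside the existing
# "server { listen %ip%:%proxy_ssl_port% ssl; ... }" block of the .stpl template.

# Server level, next to the nginx.hsts.conf include:
# asks browsers to upgrade http:// subresource requests made by the page to
# https://, which is what the "Mixed Content" error is about. It is kept at
# server level on purpose: an add_header inside a location stops that location
# from inheriting server-level add_header lines such as the HSTS header.
# Assumption: the backend cannot be configured to emit https:// URLs itself.
add_header Content-Security-Policy "upgrade-insecure-requests" always;

location / {
    # The scheme must match what the backend speaks. The backend in the post
    # is HTTP-only, so https:// here would make nginx attempt a TLS handshake
    # against a plain-HTTP port and the upstream request would fail.
    proxy_pass http://192.168.1.252:1337;

    proxy_http_version 1.1;

    # Pass the public host name and the original scheme, so an application
    # that builds absolute URLs from the request can produce https:// links.
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Rewrite http:// redirects (Location headers) issued by the backend for
    # the public host name to https://.
    proxy_redirect http://$host/ https://$host/;
}
```

With this layout only the browser-to-proxy leg is encrypted; traffic between 192.168.1.250 and 192.168.1.252 stays cleartext, so port 1337 on the backend should be reachable only from the proxy on a trusted segment.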