Resolving mixed content errors on Posit Connect behind F5 with TLS termination

networking
Connect
Published

January 29, 2026

Abstract

This article explains how to fix Mixed Content errors in Posit Connect when served behind an F5 load balancer with SSL terminated at the load-balancer. The issue is resolved by injecting a custom header (X-RSC-Request) using an iRule, allowing Posit Connect to recognize the original client-facing URL and protocol.

Description

You may see errors like the following in the browser developer tools console:

Mixed Content: The page at https://connect.proxy.example.com/connect/#/apps/abc123/access/42 was loaded over HTTPS, but requested an insecure frame http://connect.proxy.example.com/content/abc123/vKN0K6qgA/. This request has been blocked; the content must be served over HTTPS.

Cause

When SSL is offloaded at the load balancer, Posit Connect may not know the original request came over HTTPS. As a result, it may generate incorrect http://, iframe, or resource URLs, leading to mixed content issues.

This happens when:

  • The X-Forwarded-Proto header is not present or not trusted.
  • Posit Connect is unaware of the full original request context.

Resolution

Add an iRule to inject the X-RSC-Request header. Create the following iRule to construct and inject the full original client URL:

when HTTP_REQUEST {
    # Assume HTTPS due to SSL termination
    set scheme "https"
    set host [HTTP::host]
    set uri [HTTP::uri]
    set full_url "${scheme}://${host}${uri}"

    # Insert the custom header
    if { not ([HTTP::header exists "X-RSC-Request"]) } {
        HTTP::header insert "X-RSC-Request" $full_url
    }
}

Attach the iRule to HTTP Profile.

On your F5 load-balancer:

  • Go to Local Traffic > Profiles > Services > HTTP
  • Edit the HTTP profile associated with your Posit Connect server
  • Attach the iRule created above

Additional Recommendations

  • Ensure that X-Forwarded-Proto: https is passed correctly (either via iRule or HTTP profile setting)

  • Disable the UI warning within Connect at the top of pages, stating that Connect is being accessed over an insecure connection:

    /etc/rstudio-connect/rstudio-connect.gcfg
    [HTTP]
NoWarning = true

  • Make sure Connect’s configuration file includes the https address:

/etc/rstudio-connect/rstudio-connect.gcfg
[Server]
Address = https://connect.proxy.example.com/

Reference

See Running with a proxy for additional documentation.

If you’re still having issues, you can reach out to Support by opening a ticket.