I am a (mainly windows) sysadmin who has inherited a pre-bundled OT measurement system / dashboard built on a Pi 4 with Node-Red, Graphana and Postgresql docker containers sitting behind a HAproxy reverse proxy (also in a container) that is trying to do https termination with a self-signed certificate. I am trying to setup a trusted certificate and remove the security warnings.
I've setup the addressing and DNS correctly and created a trusted TLS certificate using our internal Microsoft CA and replaced the certificate in the pi being used by HAproxy which all works, except browsers are still labeling the site insecure even though it trusts the certificate chain and says the certificate is valid. I believe the site is requesting content unencrypted somewhere but i can't figure it out. TBH, i can't be sure it's even Node-Red's fault.
Can anyone offer any wisdom regarding configuring Node-Red for this scenario? Anyone done it before with HAproxy?
My only other lead is maybe it's something to do with WebSockets since i can't find any mention of that in the HAproxy config, but saw it in another example provided by the forums for a different proxy.