I'll explain a bit of my project.
It is a RAG Solution for the company I work in, and the application is meant for our technicians that will intervene in machines sold to clients, and use my application to quickly search documented solutions to previous problems. It is internal-use only, employee (technician) use only.
I'm using Flask and CORS, I have a .env setup for database credentials, and the application works wonderfully on my local machine.
Upon trying to implement the project in the company's web server, when someone tries a search, we'll get Error: "Failed to get response: Failed to fetch"
I understand my backend is running on HTTP. But I've secured it in other ways (blocking malicious commands in the search bar, for example, and not hardcoding credentials in Python), just in case.
So I'm trying to create a reverse proxy that will take all requests from the search bar, with frontend running on the main website's HTTPS infrastructure, and send it to the HTTP port running my app.
Variables are correctly set in IIS. We have URL Rewrite module which I've configured a reverse proxy in but I don't think it is working. (Image in link)
Pressing F12 on the page, this is what I get (image in link)
Full errors below (I substituted the names of the company, the project, and the port for privacy)
script.js:265 Mixed Content: The page at 'https://company.com/project/' was loaded over HTTPS, but requested an insecure resource 'http://company.com:9999/api/health'. This request has been blocked; the content must be served over HTTPS.checkHealth @ script.js:265(anonymous) @ script.js:15script.js:274 Cannot connect to backend: Failed to fetchcheckHealth @ script.js:274await in checkHealth (anonymous) @ script.js:15script.js:9 Enter key pressed!script.js:42 Making request to: http://company.com:9999/api/searchscript.js:43 Question: machine model Xscript.js:45 Mixed Content: The page at 'https://company.com/project/' was loaded over HTTPS, but requested an insecure resource 'http://company.com:9999/api/search'. This request has been blocked; the content must be served over HTTPS.searchSolutions @ script.js:45(anonymous) @ script.js:10script.js:72 Search failed: TypeError: Failed to fetch at searchSolutions (script.js:45:32) at HTMLInputElement.<anonymous> (script.js:10:13)searchSolutions @ script.js:72await in searchSolutions (anonymous) @ script.js:10