Nginx configuration leads to endless redirect loop

Nginx configuration leads to endless redirect loop

So I’ve looked at every sample configuration I could find and yet every time I try and view a page that requires ssl, I end up in an redirect loop. I’m running nginx/0.8.53 and passenger 3.0.2.
Here’s the ssl config
server {
listen 443 default ssl;
server_name .com www..com;
root /home/app//public;
passenger_enabled on;
rails_env production;
ssl_certificate /home/app/ssl/.com.pem;
ssl_certificate_key /home/app/ssl/.key;

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X_FORWARDED_PROTO https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Url-Scheme $scheme;
proxy_redirect off;
proxy_max_temp_file_size 0;

location /blog {
rewrite ^/blog(/.*)?$ http://blog..com/$1 permanent;
}

location ~* \.(js|css|jpg|jpeg|gif|png)$ {
if (-f $request_filename) {
expires max;
break;
}
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}

Here’s the non-ssl config
server {
listen 80;
server_name .com www..com;
root /home/app//public;
passenger_enabled on;
rails_env production;

location /blog {
rewrite ^/blog(/.*)?$ http://blog..com/$1 permanent;
}

location ~* \.(js|css|jpg|jpeg|gif|png)$ {
if (-f $request_filename) {
expires max;
break;
}
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}

Let me know if there’s any additional info I can give to help diagnose the issue.

Solutions/Answers:

Solution 1:

It’s your line here:

  listen 443 default ssl;

change it to:

listen 443;
ssl on;

This I’ll call the old style.
Also, that along with

              proxy_set_header X_FORWARDED_PROTO https;
              proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header  Host $http_host;
              proxy_set_header  X-Url-Scheme $scheme;
              proxy_redirect    off;
              proxy_max_temp_file_size 0;

did the trick for me. I see now i am missing the real IP line you have, but so far, this got rid of my infinite loop problem with ssl_requirement and ssl_enforcer.

Solution 2:

I found that it was this line

 proxy_set_header  Host $http_host;

Which should be changed to

 proxy_set_header  Host $host;

According to the nginx documentation by using ‘$http_host you’re passing the “unchanged request-header”.

Related:  HAProxy http passtrough proxy instead of 304 redirect

Solution 3:

Have you tried using “X-Forwarded-Proto” instead of X_FORWARDED_PROTO?

I’ve run into a problem with this header before, it wasn’t causing redirects, but changing this header fixed it for me.

Solution 4:

Since you have a rewrite statement found in both ssl and non-ssl sections

location /blog {
  rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent;
}

Where is the server section for blog..com?? Could that be the source of the issue?

Solution 5:

I had a similar issue for my symfony2 application, albeit form a different cause: I had set fastcgi_param HTTPS off; when I of course needed fastcgi_param HTTPS on; in my nginx configuration.

    location ~ ^/(app|app_dev|config)\.php(/|$) {
            satisfy any;
            allow all;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param HTTPS on;
    }

Solution 6:

In case someone else stumbles on this, I was attempting to configure both http and https via the same server {} block, but only added the “listen 443” directive believing that the “this line is default and implied” meant that it would also listen on 80 as well, it didn’t. Uncommenting the “listen 80” line so that both listen lines were present corrected the infinite loop. No idea why it would have even been getting a redirect at all, but it did.

References