Nginx Setup With Too Many Redirects


#1

I am setting up Let’s Encrypt’s ssl for the first time with nginx. I used the DigitalOcean guide that i linked below, and used Certbot, to complete the installation.

I used the following guide:

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

After completing my setup I was left with the following configuration:

server {

    root /var/www/example.com/html;
    index index.html index.htm index.nginx-debian.html;

    server_name example.com www.example.com;

    location / {
            try_files $uri $uri/ =404;
    }

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = example.com) {
    return 301 https://$host$request_uri;
} # managed by Certbot


    listen 80;
    listen [::]:80;

    server_name example.com www.example.com;
return 404; # managed by Certbot

}

After some troubleshooting it seemed that I was getting too many redirects from the following portion of the configuration:

if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = example.com) {
    return 301 https://$host$request_uri;
} # managed by Certbot

After removing this portion of the code, I was able to get ssl fully working, however, http would not redirect to https.

I then replaced the offending portion of the code with some of the following alternative work around and still was unable to get it working:

return 301 https://example.com$request_uri;

if ($scheme != “https”) {
return 301 “https://$host$request_uri”;
}

if ($scheme != “https”) {
return 301 “https://example.com$request_uri”;
}

Am i missing something? How do i get it to redirect from http to https properly?


#2

Hi @whyencrypt

create the redirect rule only in your port 80 vHost. Then you don’t need to check the $scheme.


#3

Also, make sure that you don’t have some other tool like a content management system or web application that generates its own redirects, above the level of the web server itself. (For example, if you had a WordPress installation or something that was configured to send redirects, they could be redundant with and/or contradictory to the ones configured in nginx.)


#4

I have fixed my issue. I was using cloudflare, which I didn’t think was an issue but it seems it was.

I simply replaced the offending code with the following:

if ($http_x_forwarded_proto = “http”) {
return 301 https://$server_name$request_uri;
}


closed #5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.