32

So I've looked at every sample configuration I could find and yet every time I try and view a page that requires ssl, I end up in a redirect loop. I'm running nginx/0.8.53 and passenger 3.0.2.

Here's the ssl config

server  {
  listen 443 default ssl;
  server_name <redacted>.com www.<redacted>.com;
  root /home/app/<redacted>/public;
  passenger_enabled on;
  rails_env production;  
  ssl_certificate      /home/app/ssl/<redacted>.com.pem;
  ssl_certificate_key  /home/app/ssl/<redacted>.key;

  proxy_set_header  X-Real-IP  $remote_addr;
  proxy_set_header  X_FORWARDED_PROTO https;
  proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header  Host $http_host;
  proxy_set_header  X-Url-Scheme $scheme;
  proxy_redirect    off;
  proxy_max_temp_file_size 0;

  location /blog {
    rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent;
  }

  location ~* \.(js|css|jpg|jpeg|gif|png)$ {
    if (-f $request_filename) {
      expires      max;
      break;
    }
  }

  error_page   500 502 503 504  /50x.html;
  location = /50x.html {
    root   html;
  }
}

Here's the non-ssl config

server  {
  listen 80;
  server_name <redacted>.com www.<redacted>.com;
  root /home/app/<redacted>/public;
  passenger_enabled on;
  rails_env production;  

  location /blog {
    rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent;
  }

  location ~* \.(js|css|jpg|jpeg|gif|png)$ {
    if (-f $request_filename) {
      expires      max;
      break;
    }
  }

  error_page   500 502 503 504  /50x.html;
  location = /50x.html {
    root   html;
  }
}

Let me know if there's any additional info I can give to help diagnose the issue.

brianthecoder

9 Answers

30

It's your line here:

  listen 443 default ssl;

change it to:

listen 443;
ssl on;

This I'll call the old style. Also, that along with

              proxy_set_header X_FORWARDED_PROTO https;
              proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header  Host $http_host;
              proxy_set_header  X-Url-Scheme $scheme;
              proxy_redirect    off;
              proxy_max_temp_file_size 0;

did the trick for me. I see now I am missing the real IP line you have, but so far, this got rid of my infinite loop problem with ssl_requirement and ssl_enforcer.

pjammer
  • 4
    I was using `config.ssl = true` in a Rails application with the first version of the ssl configuration for nginx and also ended up in an infinite loop. Changing the configuration to have the ssl declaration on a separate line solved the issue for me. Thanks!!! – Adam Jan 05 '12 at 14:40
  • ssl on; on a new line fixed the infinite loop for me when I switched config.ssl = true – Mark Robinson Sep 21 '12 at 16:31
  • 1
    `ssl on` is deprecated in recent versions of nginx (1.15.0+) – technicalpickles Mar 14 '22 at 16:22
27

I've toyed around with a bunch of these answers but nothing worked for me. Then I realized since I use Cloudflare the problem may not be in the server but with Cloudflare. Lo and behold when I set my SSL to Full (Strict) everything works as it should!

cloudflare ssl

Zaki Aziz
7

I found that it was this line

 proxy_set_header  Host $http_host;

Which should be changed to

 proxy_set_header  Host $host;

According to the nginx documentation, by using $http_host you're passing the "unchanged request-header".

toxaq
5

Have you tried using "X-Forwarded-Proto" instead of X_FORWARDED_PROTO?

I've run into a problem with this header before; it wasn't causing redirects, but changing this header fixed it for me.

britg
  • Same for me, too. The X_FORWARDED_PROTO did nothing for a particular app, while X-Forwarded-Proto worked great. nginx proxying to a Passenger Standalone rails app on the backend. – Barney Desmond Aug 10 '11 at 01:14
4

I had a similar issue for my symfony2 application, albeit from a different cause: I had set fastcgi_param HTTPS off; when I of course needed fastcgi_param HTTPS on; in my nginx configuration.

    location ~ ^/(app|app_dev|config)\.php(/|$) {
            satisfy any;
            allow all;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param HTTPS on;
    }
k0pernikus
4

Since you have a rewrite statement found in both ssl and non-ssl sections

location /blog {
  rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent;
}

Where is the server section for blog.<redacted>.com? Could that be the source of the issue?

Peter Petrik
2

In case someone else stumbles on this, I was attempting to configure both http and https via the same server {} block, but only added the "listen 443" directive, believing that the "this line is default and implied" meant that it would also listen on 80 as well. It didn't. Uncommenting the "listen 80" line so that both listen lines were present corrected the infinite loop. No idea why it would have even been getting a redirect at all, but it did.

Brian J. Miller
1

For those who are searching desperately for why their owncloud keeps making a redirect loop in spite of having a good configuration file, I've found why it's not working.

My config: nginx + php-fpm + mysql on a fresh centos 6.5

When installing php-fpm and nginx, the default permission on /var/lib/php/session/ is root:apache

php-fpm through nginx stores the php session here; if nginx does not have authorization to write, it fails miserably to keep any login session, resulting in an infinite loop.

So just add nginx to the apache group (usermod -a -G apache nginx) or change ownership of this folder.

Have a nice day.

1

X_FORWARDED_PROTO as in your file can cause errors, and it did in my case. X-Forwarded-Proto is correct, whereas the hyphens are more important than uppercase or lowercase letters.

You can avoid those problems by sticking to conventions ;)

See also here: Custom HTTP headers: naming conventions, and here: http://www.ietf.org/rfc/rfc2047.txt

Community
Steven
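Two answers above (britg's and the last one) report that X-Forwarded-Proto worked where X_FORWARDED_PROTO did not. The following is an added example, not code from any poster: a small Ruby model of why that produces a redirect loop. It assumes a backend that ignores header names containing underscores (nginx's default, `underscores_in_headers off`) and an app that forces HTTPS based on X-Forwarded-Proto; the method names and `example.test` are hypothetical.

```ruby
# Added illustration; a model of the failure, not the poster's Rails app.

# CGI/Rack-style env key: "X-Forwarded-Proto" -> "HTTP_X_FORWARDED_PROTO".
# "X_FORWARDED_PROTO" maps to the same key, so the two spellings are
# indistinguishable to the app. That ambiguity is why servers treat
# underscored header names as invalid and drop them.
def env_key(name)
  "HTTP_" + name.upcase.tr("-", "_")
end

# Backend HTTP server: builds the app's env from the proxied headers,
# dropping names with "_" unless explicitly allowed (assumed default).
def build_env(headers, allow_underscores: false)
  headers.each_with_object({}) do |(name, value), env|
    next if name.include?("_") && !allow_underscores
    env[env_key(name)] = value
  end
end

# App-side filter in the style of ssl_requirement: redirect to https
# unless the TLS-terminating proxy reports the request was already https.
def app(env, path)
  if env["HTTP_X_FORWARDED_PROTO"] == "https"
    [200, {}, "ok"]
  else
    [301, { "Location" => "https://example.test#{path}" }, ""]
  end
end

# Client plus proxy: every hop arrives over TLS, the proxy adds the same
# headers each time, and the client follows redirects until max_hops.
def follow_redirects(proxy_headers, path: "/account", max_hops: 5)
  hops = 0
  loop do
    status, = app(build_env(proxy_headers), path)
    return { status: status, hops: hops } if status == 200
    hops += 1
    return { status: :redirect_loop, hops: hops } if hops >= max_hops
  end
end

if __FILE__ == $PROGRAM_NAME
  p follow_redirects({ "X_FORWARDED_PROTO" => "https" }) # header dropped
  p follow_redirects({ "X-Forwarded-Proto" => "https" }) # header seen
end
```
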