301 Permanent Redirect on https but http works fine

Question

When I run

curl -I http://myapp.com/
curl -I https://myapp.com/

http returns

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Mar 2019 17:46:29 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 31 Jan 2017 15:01:11 GMT
Connection: keep-alive
ETag: "5890a6b7-264"
Accept-Ranges: bytes

whereas the https returns

HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 05 Mar 2019 17:50:29 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
Location: https://www.myapp.com/

curl: (47) Maximum (50) redirects followed

I obviously can't access the domain, I get the error ERR_TOO_MANY_REDIRECTS because Let's Encrypt is set up to redirect any http requests to https.

I see two options, deactivate the https and access the site through http or figure out why the 301 Permanent Redirect is happening on the https.

I initially got rid of the 301 Permanent Redirect on http by taking out the line

return 301 https://$server_name$request_uri;

My nginx config file

server {
listen 80;
servername myapp.com www.myapp.com;
servertokens off;
}

server {
listen 443 ssl; # managed by Certbot
server_name myapp.com www.myapp.com;

ssl_certificate /etc/letsencrypt/live/myapp.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/myapp.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot  

root /home/me/myapp/src/myapp;

location = /favicon.ico { access_log off; log_not_found off; }

location /static/ {
    root /home/me/myapp/src/myapp;
}

location /media/  {
    root /home/me/myapp/src/myapp;
}

location / {
    try_files $uri/ @python_django;
}

location @python_django {
    proxy_pass http://127.0.0.1:8001;
    proxy_pass_request_headers on;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect off;
}
}

I am in DIRE need of help, please!!!

Answer 1

You can follow this alternate approach. I find it a bit simpler to handle redirections.

server {
    listen 80;
    #listen [::]:80 ipv6only=on;

    server_name your.server.com;
    access_log /etc/nginx/access.log;

    root /var/www/html/someroot;

    location / {
            #autoindex on;

            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            # try_files $uri =404;

            #proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_set_header Host $http_host;
            #proxy_set_header X-NginX-Proxy true;
            #proxy_pass http://127.0.0.1:8080/;
            #proxy_redirect off;
            #proxy_http_version 1.1;
            #proxy_set_header Upgrade $http_upgrade;
            #proxy_set_header Connection "upgrade";

            #proxy_redirect off;
            #proxy_set_header   X-Forwarded-Proto $scheme;
            #proxy_cache one;
            #proxy_cache_key sfs$request_uri$scheme;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/some/fullchain.pem;
    # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/some/privkey.pem; 
    # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
}

Notice the last if clause. That is where all the redirection takes place. Basically, you use only one server block and listen to all the traffic that comes through port 80 and 443. When someone hits port 80, the request is redirected to 443. Works well for me. Let me know if it does for you as well.