0

I have a working Nginx installation that has successfully served an index.html with SSL with no problems.

When I point it toward my nopCommerce 4.50 site on the same machine, the nopcommerce site now works with SSL. However, all links on the page as well as resources still use http and firefox gives a warning that "Parts of this page are not secure"

To attempt to fix that, I have changed the url and enabled SSL in the nop settings.

When I did that, the site now infinitely redirects to itself. For instance, accessing https://mynopcommerce.com returns a 301 redirecting to https://mynopcommerce.com. To get the site working again, I have to manually disable SSL in the nop database.

I have tried all fixes for this issue as suggested by https://docs.nopcommerce.com/en/getting-started/advanced-configuration/how-to-install-and-configure-ssl-certification.html#troubleshooting

  • I have set "UseHttpXForwardedProto" to true in the appsettings.json
  • I have cleared browser/server/proxy cookies and cache.
  • I am not using cloudflare, dns, or any other proxy services other than nginx as the reverse proxy.

My nginx server block:

server {
    listen 443 ssl;
    server_name mynopcommerce.com;

    ssl_certificate /etc/letsencrypt/live/mynopcommerce.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mynopcommerce.com/privkey.pem;

    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    
    location / {
        proxy_pass         http://nopcommerce_web; # DNS resolves name to nop server
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

I believe it might be related to the fact that nginx is handling SSL. And with SSL enabled on nop, the non-ssl communication between nop and nginx may make nop return a 301 to the https version of the site, not knowing that it's already on it?

This is the log from nginx and nop during 1 request. (It loops this until error)

nopcommerce_nginx      | [03/Apr/2022:21:07:00 +0000] "GET / HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0" "-"
nopcommerce_web        | {"EventId":1,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Hosting.Diagnostics","Message":"Request starting HTTP/1.1 GET http://mynopcommerce.com/ - -","State":{"Message":"Request starting HTTP/1.1 GET http://mynopcommerce.com/ - -","Protocol":"HTTP/1.1","Method":"GET","ContentType":null,"ContentLength":null,"Scheme":"http","Host":"mynopcommerce.com","PathBase":"","Path":"/","QueryString":""}}
nopcommerce_web        | {"EventId":0,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Routing.EndpointMiddleware","Message":"Executing endpoint \u0027Nop.Web.Controllers.HomeController.Index (Nop.Web)\u0027","State":{"Message":"Executing endpoint \u0027Nop.Web.Controllers.HomeController.Index (Nop.Web)\u0027","EndpointName":"Nop.Web.Controllers.HomeController.Index (Nop.Web)","{OriginalFormat}":"Executing endpoint \u0027{EndpointName}\u0027"}}
nopcommerce_web        | {"EventId":3,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","Message":"Route matched with {action = \u0022Index\u0022, controller = \u0022Home\u0022, area = \u0022\u0022}. Executing controller action with signature Microsoft.AspNetCore.Mvc.IActionResult Index() on controller Nop.Web.Controllers.HomeController (Nop.Web).","State":{"Message":"Route matched with {action = \u0022Index\u0022, controller = \u0022Home\u0022, area = \u0022\u0022}. Executing controller action with signature Microsoft.AspNetCore.Mvc.IActionResult Index() on controller Nop.Web.Controllers.HomeController (Nop.Web).","RouteData":"{action = \u0022Index\u0022, controller = \u0022Home\u0022, area = \u0022\u0022}","MethodInfo":"Microsoft.AspNetCore.Mvc.IActionResult Index()","Controller":"Nop.Web.Controllers.HomeController","AssemblyName":"Nop.Web","{OriginalFormat}":"Route matched with {RouteData}. Executing controller action with signature {MethodInfo} on controller {Controller} ({AssemblyName})."}}
nopcommerce_web        | {"EventId":3,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","Message":"Authorization failed for the request at filter \u0027Nop.Web.Framework.Mvc.Filters.HttpsRequirementAttribute\u002BHttpsRequirementFilter\u0027.","State":{"Message":"Authorization failed for the request at filter \u0027Nop.Web.Framework.Mvc.Filters.HttpsRequirementAttribute\u002BHttpsRequirementFilter\u0027.","AuthorizationFilter":"Nop.Web.Framework.Mvc.Filters.HttpsRequirementAttribute\u002BHttpsRequirementFilter","{OriginalFormat}":"Authorization failed for the request at filter \u0027{AuthorizationFilter}\u0027."}}
Ral
  • 332
  • 2
  • 14

2 Answers2

0

Since version 4.50, nopCommerce has changed this API. You should use the UseProxy option (set to true value) in appSettings.json file instead of the UseHttpXForwardedProto.

Alexey
  • 26
  • 2
0

You can clear KnownNetworks and KnownProxies in ForwardedHeadersOptions or set ASPNETCORE_FORWARDEDHEADERS_ENABLED to true that does the same. See more here. This answer also can help.

Dmitry Kiselev
  • 1
  • 1
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Mar 27 '23 at 12:40