So I've looked at every sample configuration I could find, and yet every time I try to view a page that requires SSL, I end up in a redirect loop. I'm running a kind of ancient nginx server, with nginx/1.10.2 and Passenger 5.1.0. I also tried suggestions from Stack Overflow answer 1 and Stack Overflow answer 2.
So now it's just redirecting from https to http in a loop, even though, as you can see, I don't declare any 301 rule, which is weird. `curl --ssl https://website.com -v` output:

```
* Connected to website.com port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: /etc/ssl/cert.pem
* CApath: none
* [CONN-0-0][CF-SSL] (304) (OUT), TLS handshake, Client hello (1):
* [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Server hello (2):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS handshake, Certificate (11):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS handshake, Server finished (14):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS handshake, Finished (20):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-RC4-SHA
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: CN=website.com
* start date: Aug 29 00:00:00 2023 GMT
* expire date: Nov 27 23:59:59 2023 GMT
* subjectAltName: host "website.com" matched cert's "website.com"
* issuer: C=AT; O=ZeroSSL; CN=ZeroSSL RSA Domain Secure Site CA
* SSL certificate verify ok.
> GET / HTTP/1.1
> Host: website.com
> User-Agent: curl/7.87.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Status: 302 Found
< Location: http://website.com/
< Cache-Control: no-cache
< Strict-Transport-Security: max-age=31536000
< X-UA-Compatible: IE=Edge,chrome=1
< X-Runtime: 0.004605
< Date: Fri, 01 Sep 2023 08:31:00 GMT
< X-Powered-By: Phusion Passenger 5.1.0
< Server: nginx/1.10.2 + Phusion Passenger 5.1.0
<
* Connection #0 to host website.com left intact
<html><body>You are being <a href="http://website.com/">redirected</a>.</body></html>%
```
So, my nginx.conf file. No-SSL block:

```nginx
server {
    listen 80 default_server;
    #listen [::]:80 default_server ipv6only=on;
    server_name website.com www.website.com;
    location / {
        root /home/rails/website.com/public;
        index index.html index.htm;
        passenger_enabled on;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
        passenger_enabled on;
    }
    passenger_app_root /home/rails/website.com;
}
```
SSL block:

```nginx
server {
    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/certs/certificate.crt;
    ssl_certificate_key /etc/ssl/private/private.key;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "RC4:HIGH:!aNULL:!MD5:!kEDH";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_prefer_server_ciphers on;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header X-Url-Scheme $scheme;
    proxy_redirect off;
    proxy_max_temp_file_size 0;
    root /home/rails/website.com/public;
    index index.html index.htm index.nginx-debian.html;
    server_name website.com;
    location / {
        root /home/rails/website.com/public;
        index index.html index.htm;
        passenger_enabled on;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```
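The symptom in the curl trace above, checked mechanically (an added example, not part of the original post): the response arrives over TLS, redirects to a plain `http://` URL on the same host, and also sets `Strict-Transport-Security`, which a browser honours by rewriting that target back to `https://`. The sample trace is abridged from the post, and the finding labels `downgrade-redirect` and `hsts-loop` are names chosen here.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the curl -v trace from the post, abridged to the relevant lines.
SAMPLE_TRACE = """\
* SSL connection using TLSv1.2 / ECDHE-RSA-RC4-SHA
> GET / HTTP/1.1
> Host: website.com
>
< HTTP/1.1 302 Found
< Location: http://website.com/
< Strict-Transport-Security: max-age=31536000
<
"""

REDIRECTS = {301, 302, 303, 307, 308}

def parse_trace(trace):
    """Extract TLS use, request host, status and response headers from curl -v text."""
    info = {"tls": False, "host": None, "status": None, "headers": {}}
    for line in trace.splitlines():
        if line.startswith("* SSL connection using "):
            info["tls"] = True
        elif m := re.match(r"> Host:\s*(\S+)", line, re.I):
            info["host"] = m.group(1).lower()
        elif m := re.match(r"< HTTP/\S+ (\d{3})", line):
            info["status"] = int(m.group(1))
        elif m := re.match(r"< ([A-Za-z0-9-]+):\s*(.*)", line):
            info["headers"][m.group(1).lower()] = m.group(2).strip()
    return info

def findings(trace):
    """Return labels (hypothetical names) for the problems visible in one response."""
    info = parse_trace(trace)
    headers = info["headers"]
    target = urlsplit(headers.get("location", ""))
    out = []
    # A response received over TLS that redirects to a plain-http URL.
    if info["tls"] and info["status"] in REDIRECTS and target.scheme == "http":
        out.append("downgrade-redirect")
        # With HSTS set for this host, a browser rewrites the http target back
        # to https before sending, so it asks for the same URL again.
        same_host = (target.hostname or "") == info["host"]
        if same_host and "strict-transport-security" in headers:
            out.append("hsts-loop")
    return out

if __name__ == "__main__":
    print(findings(SAMPLE_TRACE))
```

Feeding it the full output of `curl -v` works the same way, since lines it does not recognise are ignored.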