Question
ERR_TOO_MANY_REDIRECTS after setting up SSL AdonisJS
- Posted April 27, 2019
- Node.jsNginxUbuntu 18.04
Hello there. I am having issues setting up this droplet to work well with SSL.
I have a node backend server API running (AdonisJS) there, it was working fine without SSL on port 3030. After installing the SSL cert with certbot, using their CLI options to redirect all unsafe routes to SSL, I can`t access the API anymore.
If I try to access from a browser I get ERR_TOO_MANY_REDIRECTS. If I try to access from insomnia it returns SSL ERR and if I try to access it from a frontend site hosted in Netlify I get:
Access to XMLHttpRequest at 'https://madz.tech/sessions' from origin 'https://5cc4cdb10fae89f2ac991a80--meetappmoreno.netlify.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
It is my first time working with nginx I really have no idea how to setup it properly, all the help is apreciatted.
My current sites-available/backend file is:
upstream adonisjs {
server 127.0.0.1:3333;
keepalive 64;
}
server {
server_name adonisjs;
root /home/www/meetups-goStack;
server_name madz.tech madz.tech;
return 301 https://$host;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/madz.tech/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/madz.tech/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = madz.tech) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name adonisjs;
server_name madz.tech madz.tech;
return 404; # managed by Certbot
}
Thanks!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
When you want to make a XML HTTP Request from one domain to another you need to include special headers in the response to allow this because all browsers prevent cross domain requests if the response does not contain this header “Access-Control-Allow-Origin”.
Use this line to add the header when ever you request your API
add_header Access-Control-Allow-Origin *;
Or you can only allow your other domain to access the API
add_header Access-Control-Allow-Origin https://5cc4cdb10fae89f2ac991a80--meetappmoreno.netlify.com;
And restart nginx sudo systemctl restart nginx
Hope this helps best of luck from DO community :)
What i believe happened is that certbot added a second redirect and that conflicts with the redirect you already had in the config. I just highlighted the strings in your code where those 2 redirects are. Sorry for the confusion. :D
I will give it a try thanks!