ERR_TOO_MANY_REDIRECTS after setting up SSL AdonisJS

April 27, 2019 487 views
Ubuntu 18.04 Nginx Node.js

Hello there. I am having issues setting up this droplet to work well with SSL.

I have a node backend server API running (AdonisJS) there, it was working fine without SSL on port 3030. After installing the SSL cert with certbot, using their CLI options to redirect all unsafe routes to SSL, I can`t access the API anymore.

If I try to access from a browser I get ERRTOOMANY_REDIRECTS.
If I try to access from insomnia it returns SSL ERR and if I try to access it from a frontend site hosted in Netlify I get:

Access to XMLHttpRequest at 'https://madz.tech/sessions' from origin 'https://5cc4cdb10fae89f2ac991a80--meetappmoreno.netlify.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

It is my first time working with nginx I really have no idea how to setup it properly, all the help is apreciatted.

My current sites-available/backend file is:

upstream adonisjs {
 server 127.0.0.1:3333;
 keepalive 64;
}
server {
 server_name adonisjs;
 root /home/www/meetups-goStack;
 server_name madz.tech madz.tech;
 return 301 https://$host;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/madz.tech/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/madz.tech/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot



}

server {
    if ($host = madz.tech) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


 listen 80;
 server_name adonisjs;
 server_name madz.tech madz.tech;
    return 404; # managed by Certbot


}

Thanks!

3 comments
  • server {
     server_name adonisjs;
     root /home/www/meetups-goStack;
     server_name madz.tech madz.tech;
     return 301 https://$host;
    
    server {
        if ($host = madz.tech) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
    
  • I will give it a try thanks!

  • What i believe happened is that certbot added a second redirect and that conflicts with the redirect you already had in the config. I just highlighted the strings in your code where those 2 redirects are. Sorry for the confusion. :D

1 Answer

@morenomdz

When you want to make a XML HTTP Request from one domain to another you need to include special headers in the response to allow this because all browsers prevent cross domain requests if the response does not contain this header “Access-Control-Allow-Origin”.

Use this line to add the header when ever you request your API

add_header Access-Control-Allow-Origin *;

Or you can only allow your other domain to access the API

add_header Access-Control-Allow-Origin https://5cc4cdb10fae89f2ac991a80--meetappmoreno.netlify.com;

And restart nginx sudo systemctl restart nginx

Hope this helps best of luck from DO community :)

Have another answer? Share your knowledge.