37145f094374666639eae402ef2e25ce58c8ffe0
By:
lulzsecd

error too many redirect on nginx ?

July 3, 2015 8.3k views
Nginx Security Ubuntu

My site have just install SSL but SSL not work. If I type latena.vn, the site accessible normally but I type https://latena.vn my site unaccessible and receive a error too many redirect
I run command nginx -t and receive a warning
nginx: [warn] conflicting server name "latena.vn" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "latena.vn" on 0.0.0.0:443, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
I checked dns server and don't have any redirect
This is my domain configuration:
server {
listen 80;
server_name latena.vn;
root /var/www/latena.vn/htdocs;
index index.php index.html index.htm;
include common/php-hhvm.conf;

include common/locations.conf;
include /var/www/latena.vn/conf/nginx/*.conf;
}

server {
listen 443 ssl spdy;
servername latena.vn;
ssl
certificate /etc/nginx/ssl/latenavnchain.crt;
ssl
certificatekey /etc/nginx/ssl/latenavn.key;
sslsessioncache shared:SSL:20m;
sslsessiontimeout 10m;
sslprotocols TLSv1 TLSv1.1 TLSv1.2;
ssl
preferserverciphers on;
sslciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl
buffersize 8k;
ssl
stapling on;
sslstaplingverify on;
ssltrustedcertificate /etc/nginx/ssl/latenavnchain.crt;
resolver 208.67.222.222 208.67.220.220 8.8.8.8 8.8.4.4;
ssl
dhparam /etc/nginx/ssl/dhparam.pem;
root /var/www/latena.vn/htdocs;
index index.php index.html index.htm;
include common/php-hhvm.conf;

include common/locations.conf;
include /var/www/latena.vn/conf/nginx/*.conf;
add_header Strict-Transport-Security "max-age=31536000";
}
Please help me resolve this error
Thankyou

2 Answers

I just had the exact same problem after enabling SSL. The issue for me was I have Rails set to config.force_ssl = true which relies on the proxy_set_header X-Forwarded-Proto https; header to know whether the request was over SSL or not. I didn't have that header to Rails would receive an SSL request thinking it wasn't with SSL which caused it to redirect to https.

Here's my working config:

upstream puma {
  server unix:///home/deploy/apps/genus/shared/tmp/sockets/genus-puma.sock;
}

server {
  listen 80;
  listen 443 ssl;
  server_name genusapp.com;

  ssl_certificate /home/deploy/apps/genus/genusapp_com.pem;
  ssl_certificate_key /home/deploy/apps/genus/genusapp_com.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;


  root /home/deploy/apps/genus/current/public;
  access_log /home/deploy/apps/genus/current/log/nginx.access.log;
  error_log /home/deploy/apps/genus/current/log/nginx.error.log info;

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    proxy_pass http://puma;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
  keepalive_timeout 10;
}
Have another answer? Share your knowledge.