Nginx HTTPS just forwards back to HTTP

August 21, 2018 823 views
Nginx Ubuntu 18.04

I’m attempting to setup a server block to use an EssentialSSL Cert I purchased from namecheap. But for some reason, any request made to my site via https gets redirected back to just http. If I try to do the 301 redirect for http to https, I end up in a redirect loop for eternity.

Right now, the server block I setup looks like this:

server {

        listen 443 ssl;
        listen [::]:443 ssl;
        server_name whatever.com;

        #SSL Settings
        ssl_certificate /var/www/whatever.com/cert/whatever.chained.crt;
        ssl_certificate_key /var/www/whatever.com/cert/whatever.com.key;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        ssl_ecdh_curve secp384r1;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;
        resolver 1.1.1.1 1.0.0.1 valid=300s;
        resolver_timeout 5s;
        # Disable preloading HSTS for now.  You can use the commented out header line that includes
        # the "preload" directive if you understand the implications.
        #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;

        root /var/www/whatever.com/public_html;
        index index.html index.htm;

         location / {
                try_files $uri $uri/ =404;
        }

I am running UFW but I have 443 wide open.

PS

nginx -V 2>&1 | grep ssl

configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-mcUg8N/nginx-1.14.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module
2 comments
  • Did you try with a different browser?

  • Yes, all 3, including wiping cache and flushing DNS.

    What’s crazy, is unlike Chrome & Safari, firefox just stops on the redirect loop and shows the certificate. Anyways, I’m going to assume I’ve configured something wrong along the way.

    screenshot

2 Answers

Cloudflare, I use cloudflare!

If you use Cloudflare, you basically have to use their SSL. No way around it. I set the SSL to OFF under Crypto and Cloudflare stamps a 301 redirect onto your site. So when I added in my own 301 redirect to send http traffic to https, that resulted in a redirect loop.

Setting Cloudflare to Full(strict) has resolved the issue.

Have another answer? Share your knowledge.