DigitalOcean Kubernetes: new control plane is faster and free, enable HA for 99.95% uptime SLA

Related

How to set up my cloud/vps server using Ubuntu 12.04 LTS, Apache, MSQL, Phpmyadmin, PHP
Question
codeigniter PHP App on server. URL returns blank page
Question

Question

Nginx HTTPS Redirect Loop with no fix

Hi all,

I set up ssl certificate for my website recently and it was working but i messed up somewhere in the config.

I’ve replaced all my actual website link with *******.com

I run Ubuntu 16.04 Nginx 1.10 PHP7 MySql

Every time i visit my website on chrome, i get the error:

This page isn’t working

*******.com redirected you too many times. Try clearing your cookies. ERR_TOO_MANY_REDIRECTS

My config file is as follows:

server {
		listen 80 default_server;
		listen [::]:80 default_server;
	
		server_name	*******.com;
		return 301 $scheme://*******.com$request_uri;
	
		root /var/www/html;
		index index.html index.htm;
	
    location /
    {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
        fastcgi_index index.php;

        include /etc/nginx/config/php/fastcgi_params;
    }
	
server {
		listen 443 ssl http2;
		listen [::]:443 ssl http2;
		server_name *******.com;
 
 		root /var/www/html;
		index index.html index.htm;

		ssl on;
		ssl_certificate /etc/ssl/*******.com.certchain.crt;
		ssl_certificate_key /etc/ssl/*******.com.key;

 		ssl_session_cache shared:SSL:20m;
		ssl_session_timeout 60m;

 		ssl_prefer_server_ciphers on;
 		ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;

		ssl_dhparam /etc/ssl/certs/dhparam.pem;

 		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

 		ssl_stapling on;
		ssl_stapling_verify on;
		ssl_trusted_certificate /etc/ssl/certs/trustchain.crt;
		resolver 8.8.8.8 8.8.4.4;

 		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}

I’ve tried many solutions but havent come up with anything.

Plsease help me out!

Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Robert KlebesJune 22, 2017

@shaansuleman,

Your real goal appears to be redirecting all HTTP traffic to HTTPS. First off, always use 302 redirects until you get things working; 301s are a PITA to clear from your browser.

Your problem is in the redirect URL. $scheme refers to “ftp://”, “http://” etc. Your redirect rule catches all http traffic and says to go to the same URL, because you used $scheme, which places the “http://” right back in. There’s your loop. The correct redirect for your purpose is:

return 302 https://*******.com$request_uri;

(remember, 302 until you’re sure it works, then change it to 301)

Jonathan TittleJune 22, 2017

@shaansuleman

The main issue I see is with the port 80 server block. I would condense it down as the location blocks and related directives are not needed if you are simply wanting to redirect traffic from port 80 to 443.

You’d also want to move some of the config from the port 80 server block to the port 443 server block.

What I would recommend using is:

server {
    listen 80;
    listen [::]:80;
    server_name *******.com;
    
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name *******.com;

    root /var/www/html;
    index index.html index.htm;

    ssl on;
    ssl_certificate /etc/ssl/*******.com.certchain.crt;
    ssl_certificate_key /etc/ssl/*******.com.key;

    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 60m;

    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;

    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/ssl/certs/trustchain.crt;
    resolver 8.8.8.8 8.8.4.4;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    location /
    {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
        fastcgi_index index.php;

        include /etc/nginx/config/php/fastcgi_params;
    }
}
App Platform: Run PHP apps without managing serversProduct

With App Platform, you can:

  • Build, deploy, and scale apps and static sites by simply pointing to your GitHub repository
  • Let us manage the infrastructure, app runtimes, and other dependencies
  • Get started by building and deploying three static sites for free

Related

How to set up my cloud/vps server using Ubuntu 12.04 LTS, Apache, MSQL, Phpmyadmin, PHP
Question
codeigniter PHP App on server. URL returns blank page
Question
App Platform: Run PHP apps without managing serversProduct

With App Platform, you can:

  • Build, deploy, and scale apps and static sites by simply pointing to your GitHub repository
  • Let us manage the infrastructure, app runtimes, and other dependencies
  • Get started by building and deploying three static sites for free