Question

Nginx reverse proxy to another nginx loop

Posted December 22, 2019 506 views
Nginx

Hi there,
I want to install Prestashop on a dedicated Nginx server called “presta” (192.168.1.19).
Not used to nginx and I wonder why I get redirection cycle, would need your advice.

On my front end nginx let’s call it “rproxy” 192.168.1.5 I have this configuration :

server {
    if ($host = www.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
        listen   80;
        server_name     www.mydomain.com;
                return 301 https://www.mydomain.com$request_uri;
}
server {
    listen 443;
    server_name www.mydomain.com;
    error_log /var/log/nginx/mydomain.error.log;
    access_log /var/log/nginx/mydomain.access.log;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/www.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem; # managed by Certbot
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    set $upstream 192.168.1.19;
    location / {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_header Authorization;
        proxy_pass http://$upstream;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_buffering off;
        client_max_body_size 0;
        proxy_read_timeout 36000s;
        proxy_redirect off;
    }
}

and on my dedicated nginx server I get this :

server {
        listen   80;
        server_name     www.mydomain.com;

        root /var/www/mydomain;
                index index.php index.html index.htm;

                if ($http_host != "www.mydomain.com") {
                rewrite ^ https://www.mydomain.com$request_uri permanent;
                }
                location = /favicon.ico {
                log_not_found off;
                access_log off;
                }
                location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
                }
                # deny access to .htaccess files, if Apache's document root
                # concurs with nginx's one
                location ~ /\. {
                deny all;
                access_log off;
                log_not_found off;
                }
                location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ /index.html;
                #try_files $uri $uri/ =404;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
                }

                rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
                rewrite ^/([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2$3.jpg last;
                rewrite ^/([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
                rewrite ^/([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
                rewrite ^/([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
                rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
                rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
                rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
                rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
                rewrite ^/c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2$3.jpg last;
                rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg last;
                rewrite ^/images_ie/?([^/]+)\.(jpe?g|png|gif)$ /js/jquery/plugins/fancybox/images/$1.$2 last;

                try_files $uri $uri/ /index.php$is_args$args;
                error_page 404 /index.php?controller=404;

                location ~* \.(gif)$ {
                expires 2592000s;
                }
                location ~* \.(jpeg|jpg)$ {
                expires 2592000s;
                }
                location ~* \.(png)$ {
                expires 2592000s;
                }
                location ~* \.(css)$ {
                expires 604800s;
                }
                location ~* \.(js|jsonp)$ {
                expires 604800s;
                }
                location ~* \.(js)$ {
                expires 604800s;
                }
                location ~* \.(ico)$ {
                expires 31536000s;
                }

                # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
                #
                location ~ \.php$ {
                        include snippets/fastcgi-php.conf;
                #fastcgi_pass 127.0.0.1:9000;
                #fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
                }
}

I always got the following error :

2019/12/22 15:44:56 [error] 3031#3031: *9 open() "/var/www/mydomain/img/app_icon.png" failed (2: No such file or directory), client: 192.168.1.5, server: www.mydomain.com, request: "GET /img/app_icon.png HTTP/1.1", host: "www.mydomain.com"
2019/12/22 15:45:03 [error] 3031#3031: *82 open() "/var/www/mydomain/img/app_icon.png" failed (2: No such file or directory), client: 192.168.1.5, server: www.mydomain.com, request: "GET /img/app_icon.png HTTP/1.1", host: "www.mydomain.com"

Would appreciate your help on this guys!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
3 answers

Hi @akaiispam,

The configuration looks quite good! I could suggest a couple things:

  • Try disabling the HTTP to HTTPS redirect rule on your dedicated Nginx server, so change this:
...
                if ($http_host != "www.mydomain.com") {
                rewrite ^ https://www.mydomain.com$request_uri permanent;
                }
...

To this:

...
               # if ($http_host != "www.mydomain.com") {
               # rewrite ^ https://www.mydomain.com$request_uri permanent;
               # }
...

After that run a config test:

sudo nginx -t

And if you get a Syntax OK message restart Nginx:

sudo systemctl restart nginx
  • I could also suggest making sure that your document root /var/www/mydomain and the files and folders in it are owned by Nginx so that Nginx could read the files in there. To do that first find out which user is your Nginx service running with:
ps aux | grep nginx

You should see something like this:

ps aux | grep nginx
www-data 5131  0.0  1.1 1063424 11428 ?       Sl   00:00   0:02 nginx

So in my case, it is the www-data user. This means that I would need to run the following command:

sudo chown -R www-data:www-data /var/www/mydomain

Then test your site again.

  • If both of those suggestions do not work, what I could suggest next is trying to access your site directly on the dedicated Nginx server and see if you get that redirect loop there as well, that way you should be able to narrow it down and see if it is a problem with the reverse proxy or the Nginx server itself.

Hope that this helps!
Regards,
Bobby

Hi@bobbyiliev

I followed your advice and I still get the same error message

even passing directly to the destination server is not working

Submit an Answer