SSL set up gives "redirected you too many times."

February 9, 2017 1.1k views
Let's Encrypt Ubuntu 16.04

Hi,

I am trying to set up SSL with this tutorial - https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04#step-1-install-let's-encrypt-client

Everything went okay but when I try to go to my subdomain (only this should be encrypted), I am getting the following:

The work-bot.be-codified.com page isn’t working

work-bot.be-codified.com redirected you too many times.

Here is my /etc/nginx/sites-available/default file

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name work-bot.be-codified.com;
        return 301 https://$server_name$request_uri;

        # SSL configuration
        #
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        include snippets/ssl-work-bot.be-codified.com.conf;
        include snippets/ssl-params.conf;

Can somebody please tell me what is wrong?

2 Answers
UKn0Me February 9, 2017
Accepted Answer

Because you haven't used a second server block to house the SSL site's configuration, the return 301 https://$server_name$request_uri; line redirects you to the SSL version of your site regardless of the scheme.

To rectify this, you can split the configuration into 2 server blocks, one for plaintext and another for SSL.

server { # Non-SSL configuration
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name work-bot.be-codified.com;

    return 301 https://$server_name$request_uri;
}

server { # SSL configuration
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name work-bot.be-codified.com;

    include snippets/ssl-work-bot.be-codified.com.conf;
    include snippets/ssl-params.conf;
}

(NOT RECOMMENDED) OR you can put the non-SSL specific configuration inside an if block, and that would make it apply only over http (or vice versa). Note that if blocks are generally not a good idea to use for reasons outlined in https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name work-bot.be-codified.com;

    if ($scheme = "http") { # Only redirect if not using SSL
        return 301 https://$server_name$request_uri;
    }

    # SSL configuration
    #
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-work-bot.be-codified.com.conf;
    include snippets/ssl-params.conf;
}
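
A static check for the misconfiguration diagnosed in the accepted answer, added here as an example and not code from this thread or from nginx: it flags any server block that both listens with ssl and issues a server-level return to https://, which is what produces the redirect loop. The function names and the shortened sample configs are assumptions, and the parser is a simple brace matcher rather than a full nginx grammar.

```python
import re

BROKEN = """server {
    listen 80 default_server;
    server_name work-bot.be-codified.com;
    return 301 https://$server_name$request_uri;
    listen 443 ssl http2 default_server;
"""  # shortened copy of the question's config; no closing brace, as posted
FIXED = """server { # Non-SSL configuration
    listen 80 default_server;
    server_name work-bot.be-codified.com;
    return 301 https://$server_name$request_uri;
}
server { # SSL configuration
    listen 443 ssl http2 default_server;
    server_name work-bot.be-codified.com;
}"""  # shortened copy of the accepted answer's two-block layout

def server_blocks(conf):
    """Yield each `server { ... }` body; an unclosed block runs to end of input."""
    for m in re.finditer(r'\bserver\s*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1] if depth == 0 else conf[m.end():]

def server_level(body):
    """Directives that apply to every request; nested if/location blocks removed."""
    prev = None
    while prev != body:  # peel innermost blocks (with their headers) until none remain
        prev, body = body, re.sub(r'[^;{}]*\{[^{}]*\}', '', body)
    return [d.strip() for d in body.split(';') if d.strip()]

def redirect_loops(conf):
    """Return the server_name of each block that serves TLS and also redirects to https."""
    conf = re.sub(r'#[^\n]*', '', conf)  # drop comments (assumes no '#' inside quotes)
    hits = []
    for body in server_blocks(conf):
        d = server_level(body)
        tls = any(re.match(r'listen\b.*\bssl\b', x) for x in d)
        to_https = any(re.match(r'return\s+30[1278]\s+https://', x) for x in d)
        if tls and to_https:  # the HTTPS request itself is redirected again
            names = [x.split(None, 1)[1] for x in d if x.startswith('server_name ')]
            hits.append(names[0] if names else '(unnamed)')
    return hits

if __name__ == "__main__":
    print("broken:", redirect_loops(BROKEN), "fixed:", redirect_loops(FIXED))
```

The check assumes the redirect target is the same host the block serves; a return nested inside an if or location block is deliberately not counted as unconditional.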