Too many redirects for subdirectory excluded from SSL

February 9, 2017 790 views
Nginx

Hey guys.
I had to update the SSL on the server, which I did through Laravel Forge. But since then the redirect that I had doesn't work anymore. Not sure what's happening...
If I leave the old nginx config, neither the blog nor the site is available.
I'm trying to get the /blog/ served over http without ssl but I keep getting too many redirects errors. Here is the config (it worked in the past but since I did an SSL update something changed somewhere - maybe with Forge - idk but don't think it matters to find a solution):

# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/go.com/before/*;

server {
    listen 443 ssl;
    server_name .go.com;

    location /blog/ {
        #return 301 http://blog.go.com;
        proxy_set_header X-Original-Host $host;
        proxy_set_header X-Is-Reverse-Proxy "true";
        proxy_pass_header Set-Cookie;
        proxy_cookie_path / /blog/;
        proxy_pass http://blog.go.com/;
        expires off;
    }

    # location /wp-admin/ {
    #     return 301 http://go.com/blog$request_uri;
    # }

    # FORGE CONFIG (DOT NOT REMOVE!)
    include forge-conf/go.com/server/*;

    location / {
        return 301 https://go.com$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name .go.com;
    root /home/forge/go.com/public;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/go.com/166494/server.crt;
    ssl_certificate_key /etc/nginx/ssl/go.com/166494/server.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    index index.html index.htm index.php;

    charset utf-8;

    location /blog {
        return 301 http://go.com$request_uri;
    }
    # FORGE CONFIG (DOT NOT REMOVE!)
    include forge-conf/go.com/server/*;
[etc...]

If I modify it to the following, I can access the site, but the blog is still not working:

# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/go.com/before/*;

server {
    listen 80;
    server_name .go.com;

    location /blog/ {
        #return 301 http://blog.go.com;
        proxy_set_header X-Original-Host $host;
        proxy_set_header X-Is-Reverse-Proxy "true";
        proxy_pass_header Set-Cookie;
        proxy_cookie_path / /blog/;
        proxy_pass http://blog.go.com/;
        expires off;
        # return 301 http://go.com$request_uri;
    }

    # FORGE CONFIG (DOT NOT REMOVE!)
    include forge-conf/go.com/server/*;

    location / {
        return 301 https://go.com$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name .go.com;
    root /home/forge/go.com/public;

    location /blog/ {
        return 301 http://go.com$request_uri;
    }

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/go.com/166494/server.crt;
    ssl_certificate_key /etc/nginx/ssl/go.com/166494/server.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    index index.html index.htm index.php;

    charset utf-8;

    include forge-conf/go.com/server/*;

If I add the reverse proxy block in the 443 listen part it serves correctly over https - but I can't have it like that because of mixed content (original server being http for the blog)

Edit: More info, here is the setup - not ideal but no choice: blog.example.com is hosted on Apache on a different server that doesn't have SSL. example.com/blog/ serves in reverse proxy the blog located at blog.example.com. example.com has an SSL certificate. I don't want to serve the blog over https, otherwise I need another certificate for blog.example.com.

2 Answers

@commandantp

Just to be clear, are you wanting to serve the blog from domain.com/blog or blog.domain.com?

If you're wanting to serve it from a sub-domain, it'd be better to simply create a server block that will handle it exclusively. For example:

server {
    listen 80;
    server_name blog.domain.com www.blog.domain.com;

    root /path/to/blog;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;

        include /path/to/fastcgi_params.conf;
    }
}

You would need to modify the above and set /path/to/fastcgi_params.conf to its location on your server.

Once set, the above should handle blog.domain.com and www.blog.domain.com as long as your DNS is set up for it.

This is one way of handling it and the route I'd take. I prefer to use individual server blocks when and where possible over handling numerous items in a single block.

  • @nanne

    As an example of what's in the fastcgi_params file I mention above, here's what one of mine looks like:

        fastcgi_param  SCRIPT_FILENAME    $request_filename;
    
        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 180;
        fastcgi_read_timeout 180;
        fastcgi_buffer_size 512k;
        fastcgi_buffers 512 16k;
        fastcgi_busy_buffers_size 1m;
        fastcgi_temp_file_write_size 4m;
        fastcgi_max_temp_file_size 4m;
        fastcgi_intercept_errors off;
    
        fastcgi_param  PATH_INFO          $fastcgi_path_info;
        fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
    
        fastcgi_param  QUERY_STRING       $query_string;
        fastcgi_param  REQUEST_METHOD     $request_method;
        fastcgi_param  CONTENT_TYPE       $content_type;
        fastcgi_param  CONTENT_LENGTH     $content_length;
    
        fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
        fastcgi_param  REQUEST_URI        $request_uri;
        fastcgi_param  DOCUMENT_URI       $document_uri;
        fastcgi_param  DOCUMENT_ROOT      $document_root;
        fastcgi_param  SERVER_PROTOCOL    $server_protocol;
        fastcgi_param  REQUEST_SCHEME     $scheme;
        fastcgi_param  HTTPS              $https if_not_empty;
        fastcgi_param  HTTP_PROXY         "";
    
        fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
        fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
    
        fastcgi_param  REMOTE_ADDR        $remote_addr;
        fastcgi_param  REMOTE_PORT        $remote_port;
        fastcgi_param  SERVER_ADDR        $server_addr;
        fastcgi_param  SERVER_PORT        $server_port;
        fastcgi_param  SERVER_NAME        $server_name;
    
        fastcgi_param  REDIRECT_STATUS    200;
    

Hi! Thanks for helping.
So I'm reverse proxy-ing blog.domain.com to domain.com/blog/.
The blog.domain.com is not hosted on the same server.
Thanks :)
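
Added example, not part of the original thread or of Forge's generated config: one way to serve the HTTP-only blog described in the question's edit under https://example.com/blog/ without mixed content, by terminating TLS on the front server and rewriting the origin's redirects, cookies and absolute links. The certificate paths are placeholders, and the `sub_filter` lines assume nginx was built with ngx_http_sub_module.

```nginx
# Added example. example.com / blog.example.com are the names used in the
# question's edit; certificate paths are placeholders.

# Port 80 does exactly one thing: redirect to https. With no http exception
# for /blog/, the two server blocks cannot bounce a request back and forth.
server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /path/to/server.crt;  # placeholder
    ssl_certificate_key /path/to/server.key;  # placeholder
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); add TLSv1.3 where the
    # nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    location /blog/ {
        # Browser <-> example.com is HTTPS. Only this hop to the origin is
        # cleartext, so restrict the origin to accept traffic from the proxy.
        proxy_pass http://blog.example.com/;
        proxy_set_header Host blog.example.com;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Map the origin's Location headers and cookie paths under /blog/.
        proxy_redirect http://blog.example.com/ /blog/;
        proxy_cookie_path / /blog/;

        # Rewrite absolute http:// links in HTML responses so the page loads
        # no mixed content. sub_filter cannot see compressed bodies, so ask
        # the origin for an uncompressed response.
        proxy_set_header Accept-Encoding "";
        sub_filter 'http://blog.example.com/' 'https://example.com/blog/';
        sub_filter_once off;
    }

    # ... remainder of the site's existing configuration (root, PHP, includes)
}
```

The `X-Forwarded-Proto` header only has an effect if the blog software is configured to trust it from the proxy's address.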
