0

I know the question has been asked countless times. Still cant get mine to work with the answers i've seen so far.

I'm trying to force redirect http to https with nginx. When i visit https//subdomain.example.com, everything works just well, but visiting http://subdomain.example.com gives me 

 "This Webpage has a redirect loop"

I've tried putting 

rewrite ^(.*) https://$host$1 permanent;

and 

return 301 https://www.mydomain.com$request_uri;

Tried 

proxy_set_header X-Forwarded-Proto $scheme;

didnt solve the issue. Please how can i solve this endless loop issue?

This is my nginx.conf

upstream unicorn {
server unix:/tmp/unicorn.example.sock fail_timeout=0;
}

server {
server_name subdomain.example.com;
listen 80;
return 301 https://$host$request_uri;
root /home/deploy/apps/example/current/public;

location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
proxy_set_header        X-Forwarded-Proto $scheme;
}

try_files $uri/index.html $uri @unicorn;
location @unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}

 error_page 500 502 503 504 /500.html;
 client_max_body_size 4G;
 keepalive_timeout 10;
}


server {
server_name subdomain.example.com;
listen 443;
root /home/deploy/apps/example/current/public;

location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
ssl on;
ssl_certificate /home/deploy/apps/example/shared/ssl_cert.crt;
ssl_certificate_key /home/deploy/apps/example/shared/ssl_private_key.key;
}#
dev
  • 111
  • 3

1 Answers1

1

This is likely due to your proxy target because you disabled proxy_redirect.

Also, why don't you serve evertything with HTTPS ?

Mixing both is likely to confuse visitors with browser warnings.

upstream unicorn {
    server unix:/tmp/unicorn.example.sock fail_timeout=0;
}


server {

    server_name _;
    listen 80 default_server;
    return 301 https://subdomain.example.com$request_uri;

}


server {

    server_name subdomain.example.com;
    listen 443 ssl;
    ssl_certificate /home/deploy/apps/example/shared/ssl_cert.crt;
    ssl_certificate_key /home/deploy/apps/example/shared/ssl_private_key.key;
    root /home/deploy/apps/example/current/public;

    client_max_body_size 4G;
    error_page 500 502 503 504 /500.html;
    keepalive_timeout 10;

    location /assets {
        expires max;
        gzip_static on;
        add_header Cache-Control public;
    }

    location / {
        try_files $uri/index.html $uri @unicorn;
    }

    location @unicorn {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_pass http://unicorn;
    }

}

This should do it except if your proxy target is doing weird stuff with missing X-Forwarded-Proto header, in this case change the fallback to this and hope it handles the redirect correctly :

location @unicorn {
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_pass http://unicorn;
    proxy_redirect off;
}
Xavier Lucas
  • 12,815
  • 2
  • 44
  • 50