
I want to configure nginx as a reverse proxy that forwards requests to one of two Kibana hosts depending on the request URI: / should go to the standard Kibana and /october/ to the Kibana dedicated to october. The first part of the configuration (/) works well, but I get a "Too many redirections" error when I try to access /october. When I comment out the second part (location /october/) and replace localhost with 10.10.0.3 in the first one, I am redirected to the october platform, so the problem is in this nginx configuration.

# Plain-HTTP virtual host: its only job is to send clients to the HTTPS site.
server {
    listen                  80;
    server_name             my.domain.io;
    # Permanent redirect to https://my.domain.io. The target contains no path or query,
    # so every HTTP request lands on the HTTPS root.
    # NOTE(review): append $request_uri to the target if the original path and query
    # string should survive the redirect.
    return                  301 https://$server_name;
}

# HTTPS virtual host: basic-auth protected reverse proxy in front of two Kibana instances.
# This is the configuration from the question; the asker reports a "Too many
# redirections" error for /october with it.
server {
    # TLS is switched on by the separate "ssl on;" directive rather than by a parameter
    # of "listen".
    # NOTE(review): the nginx docs recommend "listen 443 ssl;" instead; the "ssl"
    # directive was made obsolete in 1.15.0 and removed in 1.25.1.
    listen                  443 ;
    ssl                     on;
    # NOTE(review): cert.pem in a Let's Encrypt "live" directory is normally the leaf
    # certificate only. certbot usually writes fullchain.pem next to it; confirm and
    # prefer that file so clients also receive the intermediate certificate.
    ssl_certificate         /etc/letsencrypt/live/my.domain.io/cert.pem;  
    ssl_certificate_key     /etc/letsencrypt/live/my.domain.io/privkey.pem;  
    server_name             my.domain.io; 
    access_log              /var/log/nginx/kibana.access.log;
    error_log               /var/log/nginx/kibana.error.log;

    location / {
            # Basic auth is declared on the outer location; the two nested locations
            # below do not redefine it and therefore inherit it.
            auth_basic              "Restricted";
            auth_basic_user_file    /etc/nginx/conf.d/kibana.htpasswd;


            # Default route: everything not matched by /october/ goes to the local Kibana.
            location / {
                    proxy_pass              http://localhost:5601;
                    proxy_http_version      1.1;
                    # Upgrade/Connection are set so WebSocket upgrades can pass through.
                    # Connection is hard-coded to 'upgrade' for every request.
                    proxy_set_header        Upgrade $http_upgrade;
                    proxy_set_header        Connection 'upgrade';
                    # Kibana sees the host name the client asked for.
                    proxy_set_header        Host $host;
                    proxy_cache_bypass      $http_upgrade;
            }

            # Route for the second Kibana. proxy_pass has no URI part after host:port,
            # so the request URI is forwarded unchanged: /october/... reaches the
            # backend still prefixed with /october/.
            # NOTE(review): this hop is plain HTTP to another host, and nginx forwards
            # the client's Authorization header by default, so the basic-auth
            # credentials travel unencrypted to 10.10.0.3. Consider
            # `proxy_set_header Authorization "";` if Kibana does not need the header,
            # and make sure port 5601 is reachable only through this proxy; otherwise
            # auth_basic can be bypassed. Confirm against the network setup.
            location /october/ {
                    proxy_pass              http://10.10.0.3:5601;
                    proxy_http_version      1.1;
                    proxy_set_header        Upgrade $http_upgrade;
                    proxy_set_header        Connection 'upgrade';
                    proxy_set_header        Host $host;
                    proxy_cache_bypass      $http_upgrade;
            }
    }
}
Quentin
  • You are missing the `ssl` directive in your `listen` directive. HTTPS doesn't work with this configuration. – Tero Kilkanen Dec 21 '16 at 10:24
  • 1
    @TeroKilkanen Docs say: `It is recommended to use the ssl parameter of the listen directive instead of this directive.` Hence his config must still work with `ssl on;` – NarūnasK Dec 21 '16 at 10:30
  • @TeroKilkanen The SSL configuration works well with Let's encrypt as the CA. The problem is about the second location `/october/` – Quentin Dec 21 '16 at 10:49

3 Answers


I think your locations are nested incorrectly; please try the following:

# HTTPS virtual host with the two routes as sibling locations instead of nested ones.
server {
    # NOTE(review): "ssl on;" is the legacy way to enable TLS; the nginx docs recommend
    # "listen 443 ssl;" (the "ssl" directive was made obsolete in 1.15.0 and removed in
    # 1.25.1).
    listen                  443 ;
    ssl                     on;
    # NOTE(review): cert.pem is normally the leaf certificate only; certbot usually also
    # provides fullchain.pem in the same directory. Confirm and prefer it.
    ssl_certificate         /etc/letsencrypt/live/my.domain.io/cert.pem;  
    ssl_certificate_key     /etc/letsencrypt/live/my.domain.io/privkey.pem;  
    server_name             my.domain.io; 
    access_log              /var/log/nginx/kibana.access.log;
    error_log               /var/log/nginx/kibana.error.log;

    # Declared at server level, so both locations below inherit basic auth.
    auth_basic              "Restricted";
    auth_basic_user_file    /etc/nginx/conf.d/kibana.htpasswd;

    # Default route to the local Kibana.
    location / {
            proxy_pass              http://localhost:5601;
            proxy_http_version      1.1;
            proxy_set_header        Upgrade $http_upgrade;
            proxy_set_header        Connection 'upgrade';
            proxy_set_header        Host $host;
            proxy_cache_bypass      $http_upgrade;
    }

    # Case-sensitive regex location: matches any URI that starts with "/october",
    # with or without a following slash (so "/octoberfoo" matches as well). A matching
    # regex location takes precedence over the plain "/" prefix location.
    # proxy_pass has no URI part here, so the request URI is forwarded unchanged.
    # NOTE(review): nginx forwards the Authorization header by default and this hop is
    # plain HTTP, so the basic-auth credentials reach 10.10.0.3 unencrypted. Consider
    # `proxy_set_header Authorization "";` if the backend does not need it, and confirm
    # that port 5601 is not reachable around the proxy.
    location ~ ^/october.*$ {
            proxy_pass              http://10.10.0.3:5601;
            proxy_http_version      1.1;
            proxy_set_header        Upgrade $http_upgrade;
            proxy_set_header        Connection 'upgrade';
            proxy_set_header        Host $host;
            proxy_cache_bypass      $http_upgrade;
    }

}
NarūnasK
  • I tried your configuration but it still does not work: `Too many redirections` in Safari. But thank you for informing me that this `double-nested location loop` was not necessary (I got the configuration file from another nginx server and I'm totally new to nginx). – Quentin Dec 21 '16 at 10:46
  • Are you saying you get that redirection loop only on `Safari`? If so please make sure to clear browser cache before you re-try. – NarūnasK Dec 21 '16 at 10:51
  • No, I got this error in every browser (at least Chrome and Safari). I cleared the cache, same problem... – Quentin Dec 21 '16 at 10:53
  • Please try edited config. – NarūnasK Dec 21 '16 at 11:01
  • The `Too many redirections` errors disappeared but now, I reach the first (localhost) Kibana in any case... So strange... – Quentin Dec 21 '16 at 11:04
  • How do you access your october kibana? Using `/october` or `/october/`? – NarūnasK Dec 21 '16 at 11:08
  • I tried both of them and it's the same result. It returns the original "localhost" Kibana – Quentin Dec 21 '16 at 11:11
  • @Kuaaaly As suggested in the other answer try to play a little with [proxy_redirect](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect) directive. I think you may actually want to use `off` parameter. – NarūnasK Dec 21 '16 at 12:20

Thanks to the previous responses, I found the solution but don't exactly know "how" and "why" it works...

Here is my new configuration :

# Plain-HTTP virtual host that only redirects to HTTPS.
server {
    listen                  80;
    server_name             my.domain.io;
    # The redirect target is the bare HTTPS origin; the requested path and query are
    # not carried over.
    # NOTE(review): use https://$server_name$request_uri to keep them, so a link to
    # http://my.domain.io/october/ still ends up on the october Kibana.
    return                  301 https://$server_name;
}

# HTTPS virtual host from the asker's working solution: basic auth for the whole
# server, "/" proxied to the local Kibana and "/october/" to the second Kibana with
# the prefix removed.
server {
    # NOTE(review): "ssl on;" is the legacy way to enable TLS; the nginx docs recommend
    # "listen 443 ssl;" (the "ssl" directive was made obsolete in 1.15.0 and removed in
    # 1.25.1, where this file would no longer load).
    listen                  443 ;
    ssl                     on;
    # NOTE(review): cert.pem is normally the leaf certificate only; certbot usually also
    # provides fullchain.pem in the same directory. Confirm and prefer it so clients
    # receive the intermediate certificate.
    ssl_certificate         /etc/letsencrypt/live/my.domain.io/cert.pem;
    ssl_certificate_key     /etc/letsencrypt/live/my.domain.io/privkey.pem;
    server_name             my.domain.io;
    access_log              /var/log/nginx/kibana.access.log;
    error_log               /var/log/nginx/kibana.error.log;

    # Declared at server level, so every location below requires basic auth.
    # NOTE(review): keep the htpasswd file readable only by root and the nginx user.
    auth_basic              "Restricted";
    auth_basic_user_file    /etc/nginx/conf.d/kibana.htpasswd;

    # Default route to the local Kibana; the request URI is forwarded unchanged.
    location / {
            proxy_pass              http://localhost:5601;
            proxy_http_version      1.1;
            # Upgrade/Connection are set so WebSocket upgrades can pass through.
            # Connection is hard-coded to 'upgrade' for every request.
            proxy_set_header        Upgrade $http_upgrade;
            proxy_set_header        Connection 'upgrade';
            proxy_set_header        Host $host;
            proxy_cache_bypass      $http_upgrade;
    }

    # Exact match for the slash-less form: temporary redirect to /october/ so the
    # request falls into the prefix location below.
    location = /october {
            return 302 /october/;
    }

    # proxy_pass carries a URI part ("/"), so nginx replaces the matched "/october/"
    # prefix with "/" before forwarding: /october/app reaches Kibana as /app.
    # Kibana's server.basePath must be "/october" so the links it generates match.
    # NOTE(review): this hop is plain HTTP to another host, and nginx forwards the
    # client's Authorization header by default, so the basic-auth credentials reach
    # 10.10.0.3 unencrypted. Consider `proxy_set_header Authorization "";` if Kibana
    # does not need the header, and confirm that port 5601 on both Kibana hosts is
    # reachable only through this proxy; otherwise auth_basic can be bypassed.
    location /october/ {
            proxy_pass              http://10.10.0.3:5601/;
            proxy_http_version      1.1;
            proxy_set_header        Upgrade $http_upgrade;
            proxy_set_header        Connection 'upgrade';
            proxy_set_header        Host $host;
            proxy_cache_bypass      $http_upgrade;
    }
}

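There is no need for a proxy_redirect directive. The trick was to add a / at the end of the /october location and to redirect /october to /october/ with a 302 code. Note that the proxy_pass URL for that location also ends with a /, which makes nginx replace the matched /october/ prefix with / before forwarding the request. Don't forget that you have to set server.basePath to "/october" in your kibana.yml file.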

This post helped me : How to remove the path with an nginx proxy_pass

Hope this will help...

Quentin
  • If `return 302 /october/` solved your problem, then my (again) edited answer should also work for you. Can you please confirm? – NarūnasK Dec 21 '16 at 16:41
  • `nginx: [emerg] "proxy_pass" cannot have URI part in location given by regular expression, or inside named location, or inside "if" statement, or inside "limit_except" block in /etc/nginx/conf.d/kibana4.conf:35 nginx: configuration file /etc/nginx/nginx.conf test failed` – Quentin Dec 21 '16 at 16:44
  • Did you remove trailing slash? `http://10.10.0.3:5601;` – NarūnasK Dec 21 '16 at 16:44
  • I did not but I've done it and I got a `{"statusCode":404,"error":"Not Found"}` coming from Kibana I suppose. – Quentin Dec 21 '16 at 16:48
  • Thanks. That means it's working, only kibana cannot understand `/october` – NarūnasK Dec 21 '16 at 16:52

With the configuration given, requests to /october/some/path will be passed as-is to your second Kibana host, which is probably not configured to expect requests prefixed with /october.

I don't know Kibana but a quick search brought me to the configuration documentation for 5.1 which has a server.basePath configuration value. Try setting this to "/october".

In addition, because (as the docs say) this value only affects the URLs generated by Kibana, you will need to add a proxy_redirect directive to the nginx configuration and modify the proxy_pass directive by appending a / to the backend URL:

# Plain-HTTP virtual host that only redirects to HTTPS.
server {
    listen                  80;
    server_name             my.domain.io;
    # Redirects to the bare HTTPS origin; path and query of the request are dropped.
    # NOTE(review): append $request_uri to the target to preserve them.
    return                  301 https://$server_name;
}

# HTTPS virtual host keeping the question's nested layout, with the /october/ route
# changed to strip the prefix and to rewrite redirects coming back from Kibana.
server {
    # NOTE(review): "ssl on;" is the legacy way to enable TLS; the nginx docs recommend
    # "listen 443 ssl;" (the "ssl" directive was made obsolete in 1.15.0 and removed in
    # 1.25.1).
    listen                  443 ;
    ssl                     on;
    # NOTE(review): cert.pem is normally the leaf certificate only; certbot usually also
    # provides fullchain.pem in the same directory. Confirm and prefer it.
    ssl_certificate         /etc/letsencrypt/live/my.domain.io/cert.pem;  
    ssl_certificate_key     /etc/letsencrypt/live/my.domain.io/privkey.pem;  
    server_name             my.domain.io; 
    access_log              /var/log/nginx/kibana.access.log;
    error_log               /var/log/nginx/kibana.error.log;

    location / {
            # Basic auth on the outer location is inherited by both nested locations.
            auth_basic              "Restricted";
            auth_basic_user_file    /etc/nginx/conf.d/kibana.htpasswd;


            # Default route to the local Kibana; request URI forwarded unchanged.
            location / {
                    proxy_pass              http://localhost:5601;
                    proxy_http_version      1.1;
                    proxy_set_header        Upgrade $http_upgrade;
                    proxy_set_header        Connection 'upgrade';
                    proxy_set_header        Host $host;
                    proxy_cache_bypass      $http_upgrade;
            }

            # The trailing "/" on proxy_pass makes nginx replace the matched
            # "/october/" prefix with "/" before forwarding. proxy_redirect does the
            # reverse for responses: a leading "/" in Location and Refresh headers from
            # the backend is rewritten to "/october/".
            # NOTE(review): nginx forwards the Authorization header by default and this
            # hop is plain HTTP, so the basic-auth credentials reach 10.10.0.3
            # unencrypted. Consider `proxy_set_header Authorization "";` if the backend
            # does not need it, and confirm that port 5601 is not reachable around the
            # proxy.
            location /october/ {
                    proxy_pass              http://10.10.0.3:5601/;
                    proxy_redirect          /   /october/;
                    proxy_http_version      1.1;
                    proxy_set_header        Upgrade $http_upgrade;
                    proxy_set_header        Connection 'upgrade';
                    proxy_set_header        Host $host;
                    proxy_cache_bypass      $http_upgrade;
            }
    }
}

proxy_redirect rewrites URLs returned in "Location" and "Refresh" headers, and the additional slash causes the proxy module to strip off the path matched by the nginx "location" directive. These effectively complement each other.

  • Thank you so much guys (both of you). I've successfully set up a viable solution by mixing your different propositions. I'll detail it in another post below. – Quentin Dec 21 '16 at 14:44