
I'm experiencing a weird redirect loop with my current TYPO3 vhost configuration. Strangely, it seems to work fine in Firefox but not in Chrome. It's also a mixed experience for other people at work: some of them see the issue and some don't, though Mac users report it more often than users of other operating systems.

Anyway, here are the configuration files:

nginx.conf


# Worker processes run as the www-data account rather than as root.
user www-data;
# "auto" lets nginx pick the number of worker processes itself.
worker_processes auto;
# File the master process writes its PID to.
pid /run/nginx.pid;

events {
        # Upper bound on simultaneous connections per worker process.
        worker_connections 768;
        # multi_accept on;
}

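# Global HTTP settings shared by every vhost pulled in at the bottom.
http {

        # Transmission tuning.
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        # Unknown extensions are served as a generic download instead of
        # being guessed at.
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 is
        # offered. Add TLSv1.3 where the installed nginx/OpenSSL build
        # supports it.
        # snippets/ssl-params.conf sets ssl_protocols again for the HTTPS
        # vhost and takes precedence there, so keep both in step.
        ssl_protocols TLSv1.2;
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_disable "msie6";

        # Every file matching these globs is loaded as configuration; the
        # directories should be writable by root only.
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}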

vhost:


# Catch-all plain-HTTP listener: every request on port 80 is answered with a
# temporary redirect to the same host and URI over HTTPS.
server {
        listen 80 default_server;
        listen [::]:80 default_server;
        # "_" is a placeholder name; as default_server this block answers
        # for any Host header that reaches port 80.
        server_name _;
        # $host follows the Host the client sent, so the redirect target is
        # client-influenced; a fixed canonical hostname avoids that.
        # NOTE(review): if a TLS-terminating proxy in front of this machine
        # forwards plain HTTP to port 80, this rule sends every request back
        # to HTTPS and loops. The response headers quoted in the comments
        # below show "X-Powered-By: ARR/3.0", so confirm what sits in front.
        return 302 https://$host$request_uri;
}

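# HTTPS vhost for the TYPO3 installation. Cached pages written by
# nc_staticfilecache are served straight from disk where possible; everything
# else falls through to PHP-FPM.
server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        # Certificate/key pair and TLS parameters live in shared snippets.
        include snippets/cert.conf;
        include snippets/ssl-params.conf;

        root /var/www/typo37/web;

        index index.php index.html index.htm index.nginx-debian.html;

        # Catch-all name: as default_server this block answers for any Host
        # header. $host is used further down to build a cache path, so
        # NOTE(review): consider pinning server_name to the real hostnames.
        server_name _;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

        # Hidden files and directories are never served.
        location ~ /\. {
                deny all;
                access_log off;
                log_not_found off;
        }

        # Regex locations are tested in file order and the first match wins.
        # These deny rules previously came after the "\.php$" handler, so a
        # .php path inside a denied directory was passed to PHP-FPM instead
        # of being refused. They now precede it.
        location ~* ^/fileadmin/(.*/)?_recycler_/ {
                deny all;
        }

        location ~* ^/fileadmin/templates/.*(\.txt|\.ts)$ {
                deny all;
        }

        location ~* ^/typo3conf/ext/[^/]+/Resources/Private/ {
                deny all;
        }

        location ~ \.php$ {
                # Only existing files are handed to PHP-FPM; anything else
                # is answered with 404 by nginx itself.
                try_files $uri =404;
                include /etc/nginx/fastcgi_params;
                fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_intercept_errors on;
                fastcgi_buffer_size 128k;
                fastcgi_buffers 256 16k;
                fastcgi_busy_buffers_size 256k;
                fastcgi_temp_file_write_size 256k;
                fastcgi_read_timeout 1200;
                # The included fastcgi_params hard-codes "HTTPS off"; this
                # later line is meant to override it for the TLS vhost.
                # NOTE(review): both values are sent to the backend and which
                # one PHP sees is decided there (presumably the last one);
                # confirm, because an application that believes the request
                # is plain HTTP may redirect to HTTPS by itself.
                fastcgi_param HTTPS on;
        }

        # NOTE(review): as written this pattern only matches a path whose
        # last segment is literally ".js" or ".css", and such paths are
        # already refused by the dotfile rule above, so the expiry is never
        # applied. "\.(js|css)$" looks like the intent; if it is corrected,
        # keep this block below the deny rules so it cannot shadow them.
        location ~ /\.(js|css)$ {
                expires 604800s;
        }

        # Versioned asset names: strip the numeric part (name.123.css ->
        # name.css) when the versioned file does not exist on disk.
        if (!-e $request_filename){
                rewrite ^/(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ /$1.$3 last;
        }

        # Remaining TYPO3 system and asset paths are served as plain files,
        # bypassing the static-cache logic in "location /".
        location ~* ^/(typo3/|fileadmin/|typo3conf/|typo3temp/|uploads/|favicon\.ico) {
        }

        location / {
                # Each condition below marks a request that must not be
                # answered from the static cache; "return 405" is an
                # internal signal that error_page turns into a jump to
                # @nocache, not a response the client sees.
                if ($query_string ~ ".+") {
                        return 405;
                }
                if ($http_cookie ~ 'nc_staticfilecache|be_typo_user|fe_typo_user' ) {
                        return 405;
                }
                # pass POST requests to PHP
                if ($request_method !~ ^(GET|HEAD)$ ) {
                        return 405;
                }
                if ($http_pragma = 'no-cache') {
                        return 405;
                }
                if ($http_cache_control = 'no-cache') {
                        return 405;
                }
                error_page 405 = @nocache;

                # The cache path is built from $host and $request_uri, both
                # supplied by the client.
                try_files /typo3temp/tx_ncstaticfilecache/$host${request_uri}index.html @nocache;
        }

        # Normal TYPO3 front controller: real file, real directory, else
        # index.php with the original query string.
        location @nocache {
                try_files $uri $uri/ /index.php$is_args$args;
        }
}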

ssl-params.conf


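# TLS parameters shared by HTTPS vhosts.

# TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 is offered.
# Add TLSv1.3 where the installed nginx/OpenSSL build supports it.
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
# Forward-secret key exchange only (ECDHE/DHE).
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# OCSP stapling. NOTE(review): ssl_stapling_verify needs the issuer chain to
# be available to nginx (ssl_trusted_certificate, or a full chain in
# ssl_certificate); confirm that stapling actually succeeds.
ssl_stapling on;
ssl_stapling_verify on;
# Resolver used for the OCSP responder lookups. These are public resolvers;
# an internal, trusted resolver is preferable where one exists.
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# HSTS for two years, including subdomains. Browsers that have stored this
# policy upgrade to HTTPS on their own, so behaviour can differ per browser.
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
# "always" added so that these headers are also sent on error responses, in
# line with the HSTS header above.
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff always;

# Custom Diffie-Hellman parameters for the DHE suites.
ssl_dhparam /etc/ssl/certs/dhparam.pem;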

cert.conf


# Certificate presented to clients.
ssl_certificate /etc/ssl/certs/COMPANY.crt;
# Matching private key. NOTE(review): should be readable by root only;
# confirm the file's mode and ownership.
ssl_certificate_key /etc/ssl/private/COMPANY.key;

fastcgi_params


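# CGI environment passed to the FastCGI backend on every request.

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
# Previously hard-coded to "off", which told the application that every
# request was plain HTTP unless the vhost overrode it. An application that
# enforces HTTPS then redirects to a URL the client is already on. $https is
# "on" for TLS connections and empty otherwise; if_not_empty omits the
# parameter for plain HTTP.
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# Required by PHP builds compiled with --enable-force-cgi-redirect.
fastcgi_param  REDIRECT_STATUS    200;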

Please help me figure this out.

Ventus
  • Can you reproduce this redirect on your own? What is in the nginx access logs? You can also check the server response headers in the Chrome Developer Tools. – AlexD Apr 18 '18 at 13:30
  • Yes, I can reproduce it on my own. But it's not consistent. Sometimes it loads just fine and sometimes I get the loop. The access log entry is not too descriptive: `x.x.x.x - - [18/Apr/2018:15:28:19 +0200] "GET /typo3/ HTTP/1.1" 302 170 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3393.4 Safari/537.36"` Here are the headers: `HTTP/1.1 302 Moved Temporarily Content-Length: 170 Content-Type: text/html Location: https://COMPANY.com/typo3/ Server: Microsoft-IIS/8.5 X-Powered-By: ARR/3.0 X-Powered-By: ASP.NET Date: Wed, 18 Apr 2018 13:40:22 GMT` – Ventus Apr 18 '18 at 13:43
  • Your server response headers are from Microsoft-IIS, not nginx. – AlexD Apr 18 '18 at 13:46
  • Yes, I saw that too which is strange, because there's no IIS installed there. It must be nginx impersonating IIS somehow... – Ventus Apr 18 '18 at 14:03
  • Check DNS settings for COMPANY.com, maybe it is resolving to something you don't expect. – AlexD Apr 18 '18 at 14:54
  • It appears that there was something funky in network and systems configuration. The IT dept has fixed it but I have no details of how and what was exactly wrong. Anyway, this works now, so I guess this question can be closed. – Ventus Jul 26 '18 at 08:54
