Nginx HTTPS redirects causing loop
Posted
by
Ben Chiappetta
on Server Fault
Published on 2012-12-18T16:16:10Z
I've been banging my head against the wall trying to figure this out, so if anyone can help I'd appreciate it. My Nginx configuration produces three different redirect loops, and I haven't been able to get any of the three redirects to work correctly. The three problem areas are:
- Redirecting memcache directory to SSL
- Redirecting accounts directory to SSL
- Redirecting SSL to www if non-www
nginx.conf:
# Main context: account the workers run as, worker count, default error log and pid file.
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Access-log format. $http_x_forwarded_for is copied from a request header, so
# treat that field as client-supplied when reading these logs.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# Same file as the main-context error_log, but at notice level inside http.
error_log /var/log/nginx/error.log notice;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
# Header set on proxied requests.
# NOTE(review): no proxy_pass appears in the configuration shown, so this may
# have no effect here; confirm against the other files under conf.d.
proxy_set_header X-Url-Scheme $scheme;
#gzip on;
# Logs rewrite-module processing to error_log at notice level, which is the
# level configured above; this is where each redirect decision can be traced.
rewrite_log on;
# Pulls in the virtual hosts (default.conf and ssl.conf below).
include /etc/nginx/conf.d/*.conf;
}
conf.d/default.conf:
# Port 80, bare domain: every request is sent to the www host over plain HTTP.
# A rewrite whose replacement starts with http:// returns a redirect to the
# client; with no flag given it is a temporary (302) redirect.
server {
listen 80;
server_name <redacted>.net;
rewrite ^(.*) http://www.<redacted>.net$1;
}
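# Plain-HTTP virtual host for the www name. Serves /var/www/html, hands *.php
# to FastCGI, and redirects /memcache and /accounts to HTTPS.
server {
    listen 80;
    server_name www.<redacted>.net;

    # X-Forwarded-For replaces the client address only when the connection
    # comes from one of these peers; any other peer keeps its socket address.
    # NOTE(review): these entries suggest a proxy or load balancer in front of
    # nginx. If it terminates TLS and forwards the request to port 80, the two
    # HTTPS redirects below would be answered again and again for the same
    # client; confirm how port 443 traffic reaches this host.
    set_real_ip_from 192.168.30.4;
    set_real_ip_from 192.168.30.5;
    set_real_ip_from 192.168.30.10;
    real_ip_header X-Forwarded-For;

    #charset koi8-r;
    access_log /var/log/nginx/host.access.log main;

    root /var/www/html;
    index index.php index.html index.htm;

    # Exact match: only the URI "/memcache" itself is redirected.
    # NOTE(review): paths below /memcache/ are not matched here, and this
    # server defines no auth_basic, so they are answered over plain HTTP
    # without the password prompt that the port 443 server configures.
    # The trailing "?" stops nginx appending the query string a second time
    # ($request_uri already contains it).
    location =/memcache {
        rewrite ^/(.*)$ https://$server_name$request_uri? permanent;
    }

    # Prefix match: /accounts and everything under it goes to HTTPS (301).
    location /accounts {
        rewrite ^/(.*)$ https://$server_name$request_uri? permanent;
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        # Refuse the request before it reaches PHP when the script file does
        # not exist. The code must be written "=404" as one token; written as
        # "= 404" the last argument is taken as a URI to redirect to instead.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }
}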
conf.d/ssl.conf:
# HTTPS server
#
# Port 443, bare domain: every request is sent to the www host over HTTPS
# (temporary redirect, since the rewrite carries no flag).
# NOTE(review): this block has no "ssl" parameter and no certificate of its
# own; the other server on port 443 declares both. Confirm that the certificate
# presented for the bare name actually covers <redacted>.net, otherwise clients
# get a certificate warning before they ever see this redirect.
server {
listen 443;
server_name <redacted>.net;
rewrite ^(.*) https://www.<redacted>.net$1;
}
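# HTTPS virtual host for the www name and default server for port 443.
# Serves /var/www/html, hands *.php to FastCGI, and password-protects /memcache.
server {
    listen 443 default_server ssl;
    server_name www.<redacted>.net;

    # X-Forwarded-For replaces the client address only for these peers.
    set_real_ip_from 192.168.30.4;
    set_real_ip_from 192.168.30.5;
    set_real_ip_from 192.168.30.10;
    real_ip_header X-Forwarded-For;

    # Proxy settings.
    # NOTE(review): no proxy_pass appears in this server, so these lines may be
    # inert; "X-Forwarded_Proto" is written with an underscore, which looks
    # like a slip for X-Forwarded-Proto. Confirm before relying on it.
    proxy_set_header X-Forwarded_Proto https;
    proxy_set_header Host $host;
    proxy_redirect off;
    proxy_max_temp_file_size 0;
    proxy_set_header X-Forwarded-Ssl on;

    # Not read anywhere in the configuration shown.
    set $https_enabled on;

    ssl_certificate <redacted>.crt;
    ssl_certificate_key <redacted>.key;
    ssl_session_timeout 5m;
    # SSLv2 and SSLv3 are broken and TLS 1.0 is deprecated, so only TLS 1.2 is
    # offered. Add TLSv1.3 where the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    root /var/www/html;
    index index.php index.html index.htm;

    # HTTP basic auth for /memcache and everything below it.
    # NOTE(review): regex locations take precedence over this prefix location,
    # so a request for a .php path under /memcache is handled by the \.php$
    # block below, which has no auth_basic. Confirm whether PHP under
    # /memcache needs the same protection (for example a "^~" prefix location
    # with its own nested PHP block).
    location /memcache {
        auth_basic "Restricted";
        auth_basic_user_file $document_root/memcache/.htpasswd;
    }

    location ~ \.php$ {
        # Refuse the request before it reaches PHP when the script file does
        # not exist. The code must be written "=404" as one token; written as
        # "= 404" the last argument is taken as a URI to redirect to instead.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS on;
        include /etc/nginx/fastcgi_params;
    }

    # The password file above lives inside the document root, so .ht* files
    # must never be served; this mirrors the rule in the port 80 server.
    location ~ /\.ht {
        deny all;
    }
}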
© Server Fault or respective owner