Nginx HTTPS redirects causing loop

Posted by Ben Chiappetta on Server Fault See other posts from Server Fault or by Ben Chiappetta
Published on 2012-12-18T16:16:10Z Indexed on 2012/12/18 17:04 UTC
Read the original article Hit count: 247

Filed under:
|
|

I've been banging my head against the wall trying to figure this out, so if anyone can help I'd appreciate it. My Nginx conf has three different redirect loops, haven't been able to get any of the three to work right. The three problem areas are:

  • Redirecting memcache directory to SSL
  • Redirecting accounts directory to SSL
  • Redirecting SSL to www if non-www

nginx.conf:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    error_log   /var/log/nginx/error.log  notice;
    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;
    proxy_set_header X-Url-Scheme $scheme;

    #gzip  on;
    rewrite_log on;
    include /etc/nginx/conf.d/*.conf;
}

conf.d/default.conf:

server {
    listen       80;
    server_name  <redacted>.net;
    rewrite      ^(.*) http://www.<redacted>.net$1;
}

server {
    listen       80;
    server_name  www.<redacted>.net;

    set_real_ip_from 192.168.30.4;
    set_real_ip_from 192.168.30.5;
    set_real_ip_from 192.168.30.10;
    real_ip_header   X-Forwarded-For;

    #charset koi8-r;
    access_log  /var/log/nginx/host.access.log  main;

    root        /var/www/html;
    index       index.php index.html index.htm;

    location  =/memcache {
        rewrite ^/(.*)$ https://$server_name$request_uri? permanent;
    }

    location /accounts {
        rewrite ^/(.*)$ https://$server_name$request_uri? permanent;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        /etc/nginx/fastcgi_params;
        try_files      $uri = 404;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny  all;
    }
}

conf.d/ssl.conf:

# HTTPS server
#
server {
    listen       443;
    server_name  <redacted>.net;
    rewrite      ^(.*) https://www.<redacted>.net$1;
}

server {
    listen       443 default_server ssl;
    server_name  www.<redacted>.net;

    set_real_ip_from 192.168.30.4;
    set_real_ip_from 192.168.30.5;
    set_real_ip_from 192.168.30.10;
    real_ip_header   X-Forwarded-For;

    proxy_set_header X-Forwarded_Proto https;
    proxy_set_header Host $host;
    proxy_redirect off;
    proxy_max_temp_file_size 0;
    proxy_set_header X-Forwarded-Ssl on;
    set $https_enabled on;

    ssl_certificate      <redacted>.crt;
    ssl_certificate_key  <redacted>.key;

    ssl_session_timeout  5m;

    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    root        /var/www/html;
    index       index.php index.html index.htm;

    location  /memcache {
        auth_basic "Restricted";
        auth_basic_user_file  $document_root/memcache/.htpasswd;
    }

    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  HTTPS on;
        include        /etc/nginx/fastcgi_params;
        try_files      $uri = 404;
    }

}

© Server Fault or respective owner

Related posts about nginx

Related posts about ssl