Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
871 views
in Technique[技术] by (71.8m points)

ssl - Nginx configuration leads to endless redirect loop

So I've looked at every sample configuration I could find and yet every time I try and view a page that requires ssl, I end up in an redirect loop. I'm running nginx/0.8.53 and passenger 3.0.2.

Here's the ssl config

server  {
  listen 443 default ssl;
  server_name <redacted>.com www.<redacted>.com;
  root /home/app/<redacted>/public;
  passenger_enabled on;
  rails_env production;  
  ssl_certificate      /home/app/ssl/<redacted>.com.pem;
  ssl_certificate_key  /home/app/ssl/<redacted>.key;

  proxy_set_header  X-Real-IP  $remote_addr;
  proxy_set_header  X_FORWARDED_PROTO https;
  proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header  Host $http_host;
  proxy_set_header  X-Url-Scheme $scheme;
  proxy_redirect    off;
  proxy_max_temp_file_size 0;

  location /blog {
    rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent;
  }

  location ~* .(js|css|jpg|jpeg|gif|png)$ {
    if (-f $request_filename) {
      expires      max;
      break;
    }
  }

  error_page   500 502 503 504  /50x.html;
  location = /50x.html {
    root   html;
  }
}

Here's the non-ssl config

server  {
  listen 80;
  server_name <redacted>.com www.<redacted>.com;
  root /home/app/<redacted>/public;
  passenger_enabled on;
  rails_env production;  

  location /blog {
    rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent;
  }

  location ~* .(js|css|jpg|jpeg|gif|png)$ {
    if (-f $request_filename) {
      expires      max;
      break;
    }
  }

  error_page   500 502 503 504  /50x.html;
  location = /50x.html {
    root   html;
  }
}

Let me know if there's any additional info I can give to help diagnose the issue.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

It's your line here:

  listen 443 default ssl;

change it to:

listen 443;
ssl on;

This I'll call the old style. Also, that along with

              proxy_set_header X_FORWARDED_PROTO https;
              proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header  Host $http_host;
              proxy_set_header  X-Url-Scheme $scheme;
              proxy_redirect    off;
              proxy_max_temp_file_size 0;

did the trick for me. I see now i am missing the real IP line you have, but so far, this got rid of my infinite loop problem with ssl_requirement and ssl_enforcer.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

2.1m questions

2.1m answers

60 comments

57.0k users

...