1

The issue is with ERR_TOO_MANY_REDIRECTS from my Apache reverse proxy for secured connection to prestashop frontend on backend host (admin panel is reachable trough ssl correctly). I suspect the issue is on the PrestaShop backend, since redirect to static page through SSL on the same endpoint works fine. The infrastructure looks like this:

Apache 2.4 (proxy1) -> Apache 2.4 prestashop (web1) -> other backends

  • Port 80 from proxy to prestashop/static page on web1 redirect - OK
  • Port 443 from proxy to static page redirect on web1 - OK
  • Port 443 from proxy to prestashop redirect on web1 - NOK -> ERR_TOO_MANY_REDIRECTS

When opening firewall and accessing PrestaShop directly (internet -> web1) both http and https work correctly and there is no redirect loop.

DNS name is assigned to the reverse proxy host. Backend prestashop and db hosts are unreachable from the internet and are in separated private networks.

Reverse proxy conf:

<VirtualHost *:80>
    ServerName mydsn.com
    ProxyPass / http://web1:80/
    ProxyPassReverse / http://web1:80/
    LogLevel info
    ErrorLog logs/proxy_error.log
    CustomLog logs/proxy_access.log combined
</VirtualHost>

Listen 443

<VirtualHost *:443>
  ServerName mydns.com
  LogLevel info
  ErrorLog logs/ssl_proxy_error.log
  CustomLog logs/ssl_proxy_access.log combined
  SSLEngine on
  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
  SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  SSLHonorCipherOrder On
  SSLCertificateFile /location/.crt
  SSLCertificateKeyFile /location/.key

  Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
  Header always set X-Frame-Options DENY
  Header set X-Content-Type-Options "nosniff"

  SSLProxyEngine on
  SSLProxyCheckPeerCN Off
  ProxyPass / https://web1:443/
  ProxyPassReverse / https://web1:443/
</VirtualHost>

Prestashop web1 conf:

<VirtualHost *:80>

    DocumentRoot /var/www/html/prestashop

    <Directory /var/www/html>
        AllowOverride All
        Options +Indexes
        Require all granted
    </Directory>

    LogLevel info
    ErrorLog /var/log/httpd/prestashop.error.log
    CustomLog /var/log/httpd/prestashop.access.log combined
</VirtualHost>

Listen 443

<VirtualHost *:443>

    DocumentRoot /var/www/html/prestashop

    SSLEngine on
    SSLCertificateFile /location/.crt
    SSLCertificateKeyFile /location/.key

    <Directory /var/www/html/prestashop>
        AllowOverride All
        Options +Indexes
        Require all granted
    </Directory>

    LogLevel info
    ErrorLog /var/log/httpd/ssl_prestashop_error.log
    CustomLog /var/log/httpd/ssl_prestashop_access.log combined
</VirtualHost>

SSL access log from proxy1

[14/Oct/2020:22:39:43 +0200] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36" 
[14/Oct/2020:22:39:43 +0200] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36" 
[14/Oct/2020:22:39:43+0200] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36"
[14/Oct/2020:22:39:43 +0200] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36"

SSL error log from proxy1

[Wed Oct 14 22:44:04.765460 2020] [ssl:info] [pid 4039:tid 140053310199552] [client x.x.x.x:52829] AH01964: Connection to child 192 established (server domain.com:443)
[Wed Oct 14 22:44:04.767596 2020] [ssl:info] [pid 4039:tid 140053268236032] [client x.x.x.x:52828] AH01964: Connection to child 197 established (server domain.com:443)
[Wed Oct 14 22:44:04.891242 2020] [ssl:info] [pid 4039:tid 140053268236032] [remote 10.0.0.3:443] AH01964: Connection to child 0 established (server domain.com:443)

SSL access log from web1 (prestashop)

[14/Oct/2020:22:49:11 +0200] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36"
[14/Oct/2020:22:49:11 +0200] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36"
[14/Oct/2020:22:49:11 +0200] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36"
[14/Oct/2020:22:49:12 +0200] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36"

SSL error log from web1 (prestashop)

[Wed Oct 14 22:47:39.141570 2020] [ssl:info] [pid 4872:tid 139643739694848] [client 10.0.0.2:43868] AH01964: Connection to child 199 established (server myfetish.pl:443)
Ronald
  • 11
  • 3
  • Configure prestashop with the correct URL. – Gerald Schneider Oct 15 '20 at 12:10
  • Does this answer your question? [Prestashop 1.7 too many redirects on frontend shop](https://serverfault.com/questions/824940/prestashop-1-7-too-many-redirects-on-frontend-shop) – Gerald Schneider Oct 15 '20 at 12:11
  • I believe PrestaShop URL is configured correctly - it points to the domain name. Provided solution relates strictly to single host issue accessing PrestaShop without proxy. When I open up firewall rules and access my PrestaShop directly through https it works fine. The redirects loop comes up only when going through proxy on https – Ronald Oct 15 '20 at 22:37
  • The configured URL must be the URL of your proxy, including HTTPS if you use it. Everything else results in a redirect to the configured URL by Prestashop. – Gerald Schneider Oct 16 '20 at 06:00

1 Answers1

0

I wasn't able to find any answer for the above issue so I turned to a different solution. I set up an nginx reverse proxy with SSL termination. This way both http and https traffic is pointing to port 80 on the backend. No more redirects loop

Ronald
  • 11
  • 3