4

So I've looked at every sample configuration I could find and yet every time I try and view a page that requires ssl, I end up in an redirect loop. I'm running nginx/0.8.53 and passenger 3.0.2.

Here's the ssl config

server  {
  listen 443 default ssl;
  server_name <redacted>.com www.<redacted>.com;
  root /home/app/<redacted>/public;
  passenger_enabled on;
  rails_env production;  
  ssl_certificate      /home/app/ssl/<redacted>.com.pem;
  ssl_certificate_key  /home/app/ssl/<redacted>.key;

  proxy_set_header  X-Real-IP  $remote_addr;
  proxy_set_header  X_FORWARDED_PROTO https;
  proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header  Host $http_host;
  proxy_set_header  X-Url-Scheme $scheme;
  proxy_redirect    off;
  proxy_max_temp_file_size 0;

  location /blog {
    rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent;
  }

  location ~* \.(js|css|jpg|jpeg|gif|png)$ {
    if (-f $request_filename) {
      expires      max;
      break;
    }
  }

  error_page   500 502 503 504  /50x.html;
  location = /50x.html {
    root   html;
  }
}

Here's the non-ssl config

server  {
  listen 80;
  server_name <redacted>.com www.<redacted>.com;
  root /home/app/<redacted>/public;
  passenger_enabled on;
  rails_env production;  

  location /blog {
    rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent;
  }

  location ~* \.(js|css|jpg|jpeg|gif|png)$ {
    if (-f $request_filename) {
      expires      max;
      break;
    }
  }

  error_page   500 502 503 504  /50x.html;
  location = /50x.html {
    root   html;
  }
}

Let me know if there's any additional info I can give to help diagnose the issue.

brianthecoder
  • 141
  • 1
  • 2
  • What is an example URL you are requesting? What are the exact headers returned by the server? Curl (or telnet, or LiveHTTPHeaders for Firefox) is your friend. – larsks Jan 11 '11 at 02:16
  • ok, did that and here's what I got https://gist.github.com/2831f092b0be1476e708. It looks like the cookie is set to http only, could that be an issue? New to setting up and configuring ssl. I also tried changing the configuration as follows: https://gist.github.com/ce19ff0e50a35703278c – brianthecoder Jan 11 '11 at 02:43
  • 1
    The presence of the Phusion header and the cookie suggest that it is Rails or your app that is generating the redirect. Have a look in the rails log. – Ladadadada Oct 01 '11 at 15:56
  • The text of the redirect entity body looks like Rails, not nginx. – Michael Hampton Sep 26 '12 at 14:10

2 Answers2

2

It looks like your app isn't able to detect it's running on https and redirects to the https URL again and again.

Usually https is detected based on HTTPS environment variable, and passenger module for nginx allows to set one with passenger_set_cgi_param directive. Adding something like

passenger_set_cgi_param  HTTPS  on;

into the https server{} block should help.

Maxim Dounin
  • 3,596
  • 19
  • 23
0

I think that the proxy_set_header directives should be put in to the location sections.

Try using:

...
location / {
    # needed for SSL
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header  X-Url-Scheme $scheme;
    proxy_max_temp_file_size 0;

    # Each of those lines may cause an infinate redirect loop
    #proxy_set_header X-FORWARDED_PROTO https;
    #proxy_set_header X-Forwarded-Proto $scheme;

    # This two may break the redirection when on ssl
    #proxy_set_header Host $http_host;
    #proxy_redirect off;
...

At least this works for me on a quite hard to setup environment with haproxy in front of nginx.

Hope this helps you.

Szymon Jeż
  • 3,377
  • 3
  • 17
  • 17
  • 1
    The `proxy_set_header` directive is allowed at http, server and location levels, see http://nginx.org/r/proxy_set_header. But as the config doesn't use proxy_pass at all (but uses passenger module instead) - it's completely useless here. – Maxim Dounin Sep 26 '12 at 08:08