0

I have nodejs app (which works fine locally) behind nginx with following configuration :

00_elastic_beanstalk_proxy.conf

upstream nodejs {
    server 127.0.0.1:8081;
    keepalive 256;
}

server {
    listen 8080;
    return 301 https://$host$request_uri;

    location / {
        proxy_pass  http://nodejs;
        proxy_set_header   Connection "";
        proxy_http_version 1.1;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP   $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    gzip on;
    gzip_comp_level 4;
    gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascrip$

}

https.conf

server {
    listen   443;
    server_name  localhost;
    ssl                  on;
    ssl_certificate  /etc/pki/tls/certs/server.crt;
    ssl_certificate_key  /etc/pki/tls/certs/server.key;
    ssl_session_timeout  5m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;
    location / {
        proxy_pass  http://nodejs;
        proxy_set_header   Connection "";
        proxy_http_version 1.1;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP   $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

I took it over after someone and not sure which part is generated by amazon ELB.

Both nginx & node app is up and I'm getting: __url__ redirected you too many times.

Arek S
  • 121
  • 3
  • Does this happen as well if you remove the `return 301 ... ` directive? – gxx Jun 16 '16 at 06:46
  • no, it doesnt - it loads it as http – Arek S Jun 16 '16 at 06:47
  • So...put it back inside the config, but change it to: `return 301 https://$server_name$request_uri;` Additionally, add the appropriate `server_name ... ` directive, similar to the one in `https.conf`. – gxx Jun 16 '16 at 06:53
  • I've tried that, it doesnt help – Arek S Jun 16 '16 at 06:54
  • Enable [debug logging](http://nginx.org/en/docs/debugging_log.html#clients) and show the output of one request. – gxx Jun 16 '16 at 06:56

1 Answers1

2

Load balancer was forwarding request over HTTP and that was creating redirect loop.

I've fixed it by adding a check for $http_x_forwarded_proto header around my redirect:

if ($http_x_forwarded_proto != "https") { 
    return 301 https://$host$request_uri; 
}
Arek S
  • 121
  • 3