
I recently added an SSL certificate to my site. It worked, but sometimes I get a "too many redirects loop" error in browsers. I don't have much experience with servers, and I set it up following an online guide.

Thanks to anybody who can help me.

Please help me!

This is my config


```
upstream tomcat_server {
  server 127.0.0.1:8084 fail_timeout=0;
}

server {
  listen 80;
  listen [::]:80;
  server_name example.com www.example.com;
  rewrite ^(.*) https://example.com$1 permanent;
}

server {
  listen 443 ssl default_server;
  server_name example.com www.example.com;
  # access_log off;
  access_log /root/example.com/nginx-logs/access.log;
  # error_log off;
  error_log /root/example.com/nginx-logs/error.log;
  root /root/Apache_Tomcat_7/webapps/ROOT;

  # SSL
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

  # Improve HTTPS performance with session resumption
  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 1d;

  # DH parameters
  ssl_dhparam /etc/nginx/ssl/dhparam.pem;
  # Enable HSTS
  add_header Strict-Transport-Security "max-age=31536000" always;

  location / {
    # Forward SSL so that Tomcat knows what to do
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://tomcat_server;
    proxy_set_header X-Forwarded-Proto https;

    proxy_redirect off;
    proxy_connect_timeout      240;
    proxy_send_timeout         240;
    proxy_read_timeout         240;
  }
}
```
NHT

1 Answer


You can reference my answer here:

https://serverfault.com/a/938422/494728

From my understanding, you are not just starting to use https on your server; you also made a redirection rule from http->https. So if the client requests http://example.com, it will be redirected to https://example.com.

That makes sense; however, I would simplify your configuration and make use of a (301) redirection rule instead.

```
server {
  listen 80;
  server_name example.com;
  return 301 https://$server_name$request_uri;
}
```

Your location section, on the other hand, may be as simple as specifying the location of your website as a directory; there is no need to redirect users to http, as it will cause a loop.

You may also reference the following response I wrote recently:

https://serverfault.com/a/940213/494728

Dmitriy Kupch
  • Oh, I don't think that is the reason. I used it before (changed "rewrite ^(.*) https://example.com$1 permanent;" to "return 301 https://example.com$request_uri;") but sometimes the "too many redirects loop" bug still occurs. I want to know for sure that my config below is correct before I go check the source code. Do you find my config correct? – NHT Dec 20 '18 at 17:58
  • Where is your Tomcat server located? Is it the same http server that you are redirecting to https? – Dmitriy Kupch Dec 20 '18 at 18:02
  • What happens if you remove `server { listen 80; listen [::]:80; server_name example.com www.example.com; rewrite ^(.*) https://example.com$1 permanent; }` and then refer to https://example.com? – Dmitriy Kupch Dec 20 '18 at 18:03
  • Yes. Tomcat server is located. After using "return 301 https://$server_name$request_uri;", that bug still happens sometimes. Do you see any hidden bugs in my config? – NHT Dec 20 '18 at 18:10
  • Then specify the right port when you do the proxy, otherwise you are still running in the loop: `proxy_pass http://localhost:8084;` – Dmitriy Kupch Dec 20 '18 at 18:16
  • Were you able to specify the port like I mentioned above? – Dmitriy Kupch Dec 20 '18 at 19:24
  • In my config, "proxy_pass http://tomcat_server;" is defined above by "upstream tomcat_server { server 127.0.0.1:8084 fail_timeout=0; }". I don't understand why I must change it to "proxy_pass localhost:8084;". However, I will change it as you suggest and report back once I have results from watching the website, because it does not happen often. – NHT Dec 22 '18 at 09:16
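
An intermittent loop like the one discussed above is easier to pin down by following the redirect chain one response at a time and noting any hop that sends an https URL back to http. The following is an added example, not code from the question or the answer; the response tables are constructed, and `trace`, `downgrades` and `canned` are hypothetical helper names.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def fetch(url):
    """One GET without following redirects -> (status, Location header or None)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=10)
    try:
        conn.request("GET", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace(url, fetch=fetch, max_hops=20):
    """Follow redirects by hand; return (hops, verdict): ended, loop or too-many-hops."""
    hops, seen = [], set()
    while len(hops) < max_hops:
        if url in seen:                      # same URL requested twice: a loop
            return hops, "loop"
        seen.add(url)
        status, location = fetch(url)
        hops.append((status, url, location))
        if status not in REDIRECTS or not location:
            return hops, "ended"
        url = urljoin(url, location)         # Location may be relative
    return hops, "too-many-hops"

def downgrades(hops):
    """Hops where an https URL answered with a Location pointing back to plain http."""
    return [h for h in hops
            if h[1].startswith("https://") and urljoin(h[1], h[2] or "").startswith("http://")]

def canned(table):
    """Stand-in for fetch() that answers from a dict, so the demo runs offline."""
    return lambda url: table[url]

# Constructed responses (not captured from the asker's site).
LOOPING = {"http://example.com/app": (301, "https://example.com/app"),   # port-80 redirect
           "https://example.com/app": (302, "http://example.com/app")}   # sent back to http
HEALTHY = {"http://example.com/app": (301, "https://example.com/app"),
           "https://example.com/app": (200, None)}

if __name__ == "__main__":
    for name, table in (("looping", LOOPING), ("healthy", HEALTHY)):
        hops, verdict = trace("http://example.com/app", canned(table))
        print(name, verdict, downgrades(hops))
```

Against a live site, call `trace(url)` with the default `fetch` on the URLs that fail intermittently; a non-empty `downgrades` result identifies the response that redirects back to http.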