Moodle 3.7 & Apache & reverse proxy results ERR_TOO_MANY_REDIRECTS

Question

Moodle 3.7 Apache with reverse proxy results ERR_TOO_MANY_REDIRECTS.

I have an SSL site with following vhosts file on Frontend server:

<VirtualHost *:80>
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>     


<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName moodle.site.com:443

SSLEngine on
SecAuditEngine On
RewriteEngine On

    ProxyPreserveHost On
    ProxyPass / http://101.102.103.104:80/
    ProxyPassReverse / http://101.102.103.104:80/

</VirtualHost>                                  
</IfModule>

I also redirect all 80 port requests to SSL port.

The command

curl -I https://moodle.site.com/

results:

HTTP/1.1 303 See Other
Date: Fri, 09 Aug 2019 19:13:33 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000; includeSubDomains
Location: https://moodle.site.com
Content-Language: en
Content-Type: text/html; charset=UTF-8

On Backend server in Moodle config.php I have:

$CFG->wwwroot   = 'https://moodle.site.com';
$CFG->reverseproxy = true;
$CFG->sslproxy  = 1;

Any idea why I get "ERR_TOO_MANY_REDIRECTS" error in Google Chrome, when I try to open https://moodle.site.com URL?

EDIT1:

101.102.103.104 is the IP address of the Moodle backend server. The frontend server has moodle.site.com subdomain name, which resolves to 1.2.3.4. The user enters the moodle.site.com URL, which should reverse proxy content from Moodle backend server from 101.102.103.104 IP address.

I don't see anything wrong with your frontend httpd or your moodle configuration. How about the configuration of your backend httpd? I suspect that there is a redirect in it's confifuration. — Gerald Schneider, Aug 13 '19 at 06:17
Do you really have the port number in `ServerName moodle.site.com:443`? I'm not familiar with moodle, but you should remove the `:443` suffix (and add the same line to your port 80 vhost and maybe add logging to both vhosts). — Freddy, Aug 13 '19 at 06:43
Is your moodle site on the backend server setup as http or https? You've got https in the wwroot setting, but you're proxy passing to http. Can you post the ***apache config*** for the backend server? — Smock, Aug 13 '19 at 08:44

score 2 · Answer 1 · edited Dec 30 '20 at 14:20

2

I had the same problem. Do not change anything in setuplib.php. Simply remove the $CFG->reverseproxy = true; in php.config and include the route to your moodle installation as https://.... in the $CFG->wwwroot of config.php.

So, your config.php file would contain:

$CFG->wwwroot = "https://server/dirs";
$CFG->sslproxy = true;

edited Dec 30 '20 at 14:20

Andrew Schulman

8,811
21
32
47

answered Dec 29 '20 at 13:13

Javier Sarsa

21
2

You just saved me after 9 hours of debugging this! – realnsleo Sep 20 '21 at 18:28

score 1 · Answer 2 · answered Dec 02 '20 at 13:41

I have no access to web server config so I have to find this workaround. File lib/setuplib.php, line 900 in my case, Moodle comment of this: $CFG->sslproxy specifies if external SSL appliance is used (That is, the Moodle server uses http, with an external box translating everything to https).

Change

  if (empty($CFG->sslproxy))

for

  if (!empty($CFG->sslproxy))

That was all needed to begin installation normally. (after two hours of debugging inserting die()'s everywhere)

klor · Accepted Answer · 2020-10-12T14:52:15.397

I had 4 problems, so I had to fix them (command line commands should be executed as root or use sudo):

1) on proxied server, the mod_ssl Apache module was not activated. Test in the command line, if mod_ssl is active:

apache2ctl -M | grep ssl

Should display this (if active):

ssl_module (shared)

FIX (enable mod_ssl in the command line):

a2enmod ssl
# Considering dependency setenvif for ssl:
# Module setenvif already enabled
# Considering dependency mime for ssl:
# Module mime already enabled
# Considering dependency socache_shmcb for ssl:
# Enabling module socache_shmcb.
# Enabling module ssl.
# See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
# To activate the new configuration, you need to run:
# systemctl restart apache2

2) I use the Header directive in Apache SSL conf file, like this:

# Guarantee HTTPS for 180 days including sub domains 
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"

Because of this mod_headers Apache module is required, it was not activated. Test in the command line, if mod_headers is active:

apache2ctl -M | grep headers

Should display this (if active):

headers_module (shared)

FIX (enable mod_headers in the command line):

a2enmod headers

3) I had to use https ProxyPass URL instead of http in Apache vhost conf file :

Wrong:

ProxyPass / http://101.102.103.104:80/
ProxyPassReverse / http://101.102.103.104:80/

GOOD:

ProxyPass / https://101.102.103.104/
ProxyPassReverse / https://101.102.103.104/

4) Had to turn on SSLProxyEngine directive to use SSL in ProxyPass in Apache vhost conf file.

FIX: Added SSLProxyEngine on in /etc/apache2/sites-available/myvhost.conf

SSLProxyEngine on

Moodle 3.7 & Apache & reverse proxy results ERR_TOO_MANY_REDIRECTS

3 Answers3