I want to redirect all my http traffic to redirect to https. I am using letsencrypt. I read online that return 301 https://$server_name$request_uri; would redirect all the traffic to my website over to https but instead it results in ERR_TOO_MANY_REDIRECTS.
Everything works fine without the above mention statement, but then I have to specifically specify https in the URL. Here’s my /etc/nginx/sites-available/default file:
server {
listen 80 default_server;
listen 443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/mywebsite.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mywebsite.me/privkey.pem;
root /home/website/mywebsite/public;
index index.html index.htm index.php;
server_name mywebsite.me www.mywebsite.me;
return 301 https://$server_name$request_uri;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
}
}
Where am I going wrong?
asked Sep 25, 2017 at 20:16
Pritam BohraPritam Bohra
3,7108 gold badges37 silver badges68 bronze badges
In my case it was Cloudflare. I had to change to Full SSL encryption
answered Mar 21, 2020 at 14:33
9
Change your config to below
server {
listen 80 default_server;
server_name mywebsite.me www.mywebsite.me;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/mywebsite.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mywebsite.me/privkey.pem;
root /home/website/mywebsite/public;
index index.html index.htm index.php;
server_name mywebsite.me www.mywebsite.me;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
}
}
Your current config redirects on both http and https to https. So it becomes a infinite loop because of the return statement. You want return statement only when connection is http. So you split it into two server blocks
answered Sep 25, 2017 at 21:01
Tarun LalwaniTarun Lalwani
139k8 gold badges187 silver badges255 bronze badges
0
i had the same problem. i found lots of questions/answers and articles about it but nothing helped.
i then tried to access my site from a different browser and it worked just fine!
deleting the cache from my chrome browser solved it.
So — keep in mind when you try different solutions to also clear your cache
answered Mar 29, 2018 at 5:53
OritKOritK
5341 gold badge6 silver badges16 bronze badges
I want to redirect all my http traffic to redirect to https. I am using letsencrypt. I read online that return 301 https://$server_name$request_uri; would redirect all the traffic to my website over to https but instead it results in ERR_TOO_MANY_REDIRECTS.
Everything works fine without the above mention statement, but then I have to specifically specify https in the URL. Here’s my /etc/nginx/sites-available/default file:
server {
listen 80 default_server;
listen 443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/mywebsite.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mywebsite.me/privkey.pem;
root /home/website/mywebsite/public;
index index.html index.htm index.php;
server_name mywebsite.me www.mywebsite.me;
return 301 https://$server_name$request_uri;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
}
}
Where am I going wrong?
asked Sep 25, 2017 at 20:16
Pritam BohraPritam Bohra
3,7108 gold badges37 silver badges68 bronze badges
In my case it was Cloudflare. I had to change to Full SSL encryption
answered Mar 21, 2020 at 14:33
9
Change your config to below
server {
listen 80 default_server;
server_name mywebsite.me www.mywebsite.me;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/mywebsite.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mywebsite.me/privkey.pem;
root /home/website/mywebsite/public;
index index.html index.htm index.php;
server_name mywebsite.me www.mywebsite.me;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
}
}
Your current config redirects on both http and https to https. So it becomes a infinite loop because of the return statement. You want return statement only when connection is http. So you split it into two server blocks
answered Sep 25, 2017 at 21:01
Tarun LalwaniTarun Lalwani
139k8 gold badges187 silver badges255 bronze badges
0
i had the same problem. i found lots of questions/answers and articles about it but nothing helped.
i then tried to access my site from a different browser and it worked just fine!
deleting the cache from my chrome browser solved it.
So — keep in mind when you try different solutions to also clear your cache
answered Mar 29, 2018 at 5:53
OritKOritK
5341 gold badge6 silver badges16 bronze badges
I’ve set up a magento webshop using the docker-compose.yml at the boottom. I want to reverse proxy it using nginx-proxy using a wildcard certificate which is mounted and available.
Everytime I access a page in Magento (uses an own Nginx container as a webserver) I get a Error 310 net::ERR_TOO_MANY_REDIRECTS
This is the generated part of my /etc/nginx/conf.d/default.conf
upstream shop.myshop.com {
# r-magento_app_1
server 172.17.0.9:80;
}
server {
server_name shop.myshop.com;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
return 301 https://$host$request_uri;
}
server {
server_name shop.myshop.com;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:EC
DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA25
6:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES1
28-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:EC
DHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES1
28-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS
-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256
:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EX
PORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB
5-DES-CBC3-SHA;
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_certificate /etc/nginx/certs/myshop.com.crt;
ssl_certificate_key /etc/nginx/certs/myshop.com.key;
add_header Strict-Transport-Security "max-age=31536000";
location / {
proxy_pass http://shop.myshop.com;
}
}
This is the relevant part of docker-compose.yml I use:
links:
- php-fpm
- db
volumes:
- "/var/magento2/src:/src"
environment:
- APP_MAGE_MODE=production
- VIRTUAL_HOST=shop.myshop.com
"php-fpm":
image: mageinferno/magento2-php:7.0.2-fpm-1
links:
- db
volumes:
- "/var/magento2/src:/src"
environment:
- APP_MAGE_MODE=production
- PHP_MEMORY_LIMIT=2048M
This is the /etc/nginx/conf.d/default.conf of the Magento Nginx:
upstream fastcgi_backend {
server php-fpm:9000;
}
server {
listen 80;
server_name localhost shop.myshop.com;
set $MAGE_ROOT /src;
set $MAGE_MODE production;
root $MAGE_ROOT/pub;
index index.php;
autoindex off;
charset off;
add_header 'X-Content-Type-Options' 'nosniff';
add_header 'X-XSS-Protection' '1; mode=block';
location /setup {
root $MAGE_ROOT;
location ~ ^/setup/index.php {
fastcgi_pass fastcgi_backend;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ ^/setup/(?!pub/). {
deny all;
}
location ~ ^/setup/pub/ {
add_header X-Frame-Options "SAMEORIGIN";
}
}
location /update {
root $MAGE_ROOT;
location ~ ^/update/index.php {
fastcgi_split_path_info ^(/update/index.php)(/.+)$;
fastcgi_pass fastcgi_backend;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi_params;
}
# deny everything but index.php
location ~ ^/update/(?!pub/). {
deny all;
}
location ~ ^/update/pub/ {
add_header X-Frame-Options "SAMEORIGIN";
}
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location /pub {
location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*.xml) {
deny all;
}
alias $MAGE_ROOT/pub;
add_header X-Frame-Options "SAMEORIGIN";
}
location /static/ {
if ($MAGE_MODE = "production") {
expires max;
}
location ~* .(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
add_header Cache-Control "public";
add_header X-Frame-Options "SAMEORIGIN";
expires +1y;
if (!-f $request_filename) {
rewrite ^/static/(versiond*/)?(.*)$ /static.php?resource=$2 last;
}
}
location ~* .(zip|gz|gzip|bz2|csv|xml)$ {
add_header Cache-Control "no-store";
add_header X-Frame-Options "SAMEORIGIN";
expires off;
if (!-f $request_filename) {
rewrite ^/static/(versiond*/)?(.*)$ /static.php?resource=$2 last;
}
}
if (!-f $request_filename) {
rewrite ^/static/(versiond*/)?(.*)$ /static.php?resource=$2 last;
}
add_header X-Frame-Options "SAMEORIGIN";
}
location /media/ {
try_files $uri $uri/ /get.php?$args;
location ~ ^/media/theme_customization/.*.xml {
deny all;
}
location ~* .(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
add_header Cache-Control "public";
add_header X-Frame-Options "SAMEORIGIN";
expires +1y;
try_files $uri $uri/ /get.php?$args;
}
location ~* .(zip|gz|gzip|bz2|csv|xml)$ {
add_header Cache-Control "no-store";
add_header X-Frame-Options "SAMEORIGIN";
expires off;
try_files $uri $uri/ /get.php?$args;
}
add_header X-Frame-Options "SAMEORIGIN";
}
location /media/customer/ {
deny all;
}
location /media/downloadable/ {
deny all;
}
location /media/import/ {
deny all;
}
location ~ /media/theme_customization/.*.xml$ {
deny all;
}
location /errors/ {
try_files $uri =404;
}
location ~ ^/errors/.*.(xml|phtml)$ {
deny all;
}
location ~ cron.php {
deny all;
}
location ~ (index|get|static|report|404|503).php$ {
try_files $uri =404;
fastcgi_pass fastcgi_backend;
fastcgi_param PHP_FLAG "session.auto_start=off n suhosin.session.cryptua=off";
fastcgi_param PHP_VALUE "memory_limit=256M n max_execution_time=600";
fastcgi_read_timeout 600s;
fastcgi_connect_timeout 600s;
fastcgi_param MAGE_MODE $MAGE_MODE;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}