Https redirect going to infinite loop

Hi,

I am new to nginx. I am trying to redirect all request to https. This is
the
redirect i am using

rewrite ^/(.*) https://example.com permanent;

somehow when I hit http://example.com on browser it goes to infinite
loop.

Note: ssl is enabled on the load balancer

Please help!

Regards,
Parul Sood

Posted at Nginx Forum:

On Thu, Jul 11, 2013 at 07:27:14AM -0400, parulsood85 wrote:

Hi there,

I am new to nginx. I am trying to redirect all request to https. This is the
redirect i am using

rewrite ^/(.*) https://example.com permanent;

What server{} block is this in?

What “listen” or similar directives apply in that block?

somehow when I hit http://example.com on browser it goes to infinite loop.

What is the output when you do “curl -i http://example.com”?

And if it is a redirect, what is the output when you do a “curl -i”
on the redirected Location:?

Note: ssl is enabled on the load balancer

Where is the load balancer in relation to nginx and the browser? What
does the load balancer do?

Please help!

If you can provide the above details, it may be clearer where the
problem
is and what the resolution is.

f

Francis D. [email protected]

Hello Francis,

Thanks for the quick reponse. Here is the snipet of the config being
used

#############################################################################

http {
include mime.types;
default_type application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local] 

“$request”

'$status $body_bytes_sent “$http_referer” ’
‘“$http_user_agent” “$http_x_forwarded_for”’;

access_log  /app/nginx/logs/access.log main;

    proxy_buffering    off;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Scheme $scheme;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   Host $http_host;

    upstream my-backend {
    server 127.0.0.1:9000;

}

server {
listen 80;
server_name example.com;

    location / {
                    rewrite ^(.*)  https://example.com permanent;
                    proxy_pass  http://my-backend;
    }

}

#############################################################################

the output of curl -i http://example.com

curl: (7) couldn’t connect to host

The loadbalancer is in the different DMZ it will sent the request on
port 80
& 443 to nginx server on port 80. The loadbalancer urls are
http://example.com & https://example.com both are working.

Please let me know if any other information is required.

Regards,
Parul Sood

Posted at Nginx Forum:

Hello Francis,

Thanks for the quick reponse. Here is the snipet of the config being
used

#############################################################################

http {
include mime.types;
default_type application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local] 

“$request”

'$status $body_bytes_sent “$http_referer” ’
‘“$http_user_agent” “$http_x_forwarded_for”’;

access_log  /app/nginx/logs/access.log main;

    proxy_buffering    off;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Scheme $scheme;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   Host $http_host;

    upstream my-backend {
    server 127.0.0.1:9000;

}

server {
listen 80;
server_name example.com;

    location / {
                    rewrite ^(.*)  https://example.com permanent;
                    proxy_pass  http://my-backend;
    }

}

#############################################################################

the output of curl -i http://example.com

curl: (7) couldn’t connect to host

The loadbalancer is in the different DMZ it will sent the request on
port 80
& 443 to nginx server on port 80. The loadbalancer urls are
http://example.com & https://example.com both are working.

Please let me know if any other information is required.

Regards,
Parul Sood

Posted at Nginx Forum:

On Fri, Jul 12, 2013 at 02:50:56AM -0400, parulsood85 wrote:

Hi there,

server {
listen 80;
server_name example.com;

So: nginx is not listening for https requests?

    location / {
                    rewrite ^(.*)  https://example.com permanent;
                    proxy_pass  http://my-backend;

Aside: It is unlikely that both of these lines do something useful.

the output of curl -i http://example.com

curl: (7) couldn’t connect to host

And the http server isn’t listening at all? Or maybe your routing or
other proxying is broken – this command should be run from the same
machine that a browser is on that sees the failure. The aim is to see
the exact response which leads to the failure. But it may not matter,
see below.

The loadbalancer is in the different DMZ it will sent the request on port 80
& 443 to nginx server on port 80.

So: the loadbalancer listens for http and https, and sends both requests
to nginx as http?

Which means nginx can’t tell whether the initial request was http or
https?

Do the http-to-https redirect on the load balancer, which knows whether
the initial request was http or https.

Or configure the load balancer to give a clue to nginx whether the
initial request was http or https, and configure your nginx to respond
to that clue.

f

Francis D. [email protected]

Hello Francis,

Here is the curl o/p executed from browser machine.

c:\curl>curl.exe -i http://example.com
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Date: Fri, 12 Jul 2013 08:53:12 GMT
Location: https://example.com
Server: nginx/1.2.8
Content-Length: 184
Connection: keep-alive

301 Moved Permanently

301 Moved Permanently


nginx/1.2.8

However I noticed that when I put a https redirect like below, it works

rewrite ^/test$ https://example.com permanent;

So: the loadbalancer listens for http and https, and sends both requests
to nginx as http?
Yes

Do the http-to-https redirect on the load balancer, which knows whether
the initial request was http or https.

Or configure the load balancer to give a clue to nginx whether the
initial request was http or https, and configure your nginx to respond
to that clue.

I’ll work on this, I think this option should work fine.

Thanks for the help.

Regards,
Parul Sood

Posted at Nginx Forum: