Ole Haugset

Reputation: 3797

Laravel Forge - Redirect Loop - SSL and Load balancer

I just set up 3 servers with Laravel Forge: 1 load balancer and 2 file servers that contain my Laravel project.

I have installed my SSL certificate on all three servers, and pointed my domain to the load balancer server's IP address.

However, when accessing my site's URL now, I get a redirect loop. Anyone got any suggestions?

Here is the config for the load balancer (Domain removed for question):

server {
    listen 80;
    server_name mydomain.no;
    return 301 https://mydomain.no$request_uri;
}

include upstreams/mydomain.no;

server {
    listen 443 ssl;
    server_name .mydomain.no;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/mydomain.no/16768/server.crt;
    ssl_certificate_key /etc/nginx/ssl/mydomain.no/16768/server.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    charset utf-8;

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/mydomain.no-error.log error;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://116816_app/;
        proxy_redirect off;

        # Handle Web Socket connections
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

And here is the nginx conf from my file servers:

server {
    listen 80;
    server_name mydomain.no;
    return 301 https://mydomain.no$request_uri;
}

server {
    listen 443 ssl;
    server_name .mydomain.no;
    root /home/forge/mydomain.no/httpdocs/public;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/mydomain.no/16782/server.crt;
    ssl_certificate_key /etc/nginx/ssl/mydomain.no/16782/server.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    index index.html index.htm index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/mydomain.no-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

server {
    listen 80;
    server_name mydomain.no;
    return 301 https://mydomain.no$request_uri;
}

server {
    listen 443 ssl;
    server_name .mydomain.no;
    root /home/forge/mydomain.no/httpdocs/public;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/mydomain.no/16783/server.crt;
    ssl_certificate_key /etc/nginx/ssl/mydomain.no/16783/server.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    index index.html index.htm index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/mydomain.no-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

Upvotes: 1

Views: 1780

Answers (1)

Richard Smith

Reputation: 49792

You are connecting to your upstream using the http scheme. This causes it to redirect to https, which the load balancer then routes upstream using http. Hence the loop.

Either connect upstream using https:

proxy_pass https://116816_app/;

Or allow your upstream file server to accept connections using http:

server {
  listen 80;
  listen 443 ssl;
  ...
}

Upvotes: 2
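
The loop described in the answer, and the effect of each of its two fixes, modelled as an added example (not code from the question or the answer). The function names and the simplified routing rules are assumptions that mirror the posted configs; query strings are ignored.

```python
from urllib.parse import urlsplit

HOST = "mydomain.no"  # placeholder domain used in the question


def file_server(scheme, path, accepts_http):
    """File server vhost as posted: the port-80 block redirects unconditionally.

    It never looks at the X-Forwarded-Proto header the load balancer sets, so a
    proxied request that was already https at the edge is redirected again.
    """
    if scheme == "http" and not accepts_http:
        return 301, f"https://{HOST}{path}"
    return 200, None


def load_balancer(url, upstream_scheme, accepts_http):
    """Load balancer: port 80 redirects, port 443 terminates TLS and proxies."""
    parts = urlsplit(url)
    path = parts.path or "/"
    if parts.scheme == "http":
        return 301, f"https://{HOST}{path}"
    # proxy_redirect off: the upstream Location header reaches the client as-is.
    return file_server(upstream_scheme, path, accepts_http)


def follow(url, upstream_scheme="http", accepts_http=False, max_hops=10):
    """Follow redirects like a browser; return (last_status, hops, looped)."""
    seen, hops = set(), []
    while len(hops) < max_hops:
        status, location = load_balancer(url, upstream_scheme, accepts_http)
        hops.append((url, status))
        if status != 301:
            return status, hops, False
        seen.add(url)
        if location in seen:  # redirected to a URL already requested
            return status, hops, True
        url = location
    return status, hops, True


if __name__ == "__main__":
    cases = {
        "as posted (proxy_pass http://)": {},
        "fix 1 (proxy_pass https://)": {"upstream_scheme": "https"},
        "fix 2 (file server serves port 80)": {"accepts_http": True},
    }
    for label, kwargs in cases.items():
        status, hops, looped = follow(f"http://{HOST}/", **kwargs)
        print(f"{label}: status={status} looped={looped} hops={hops}")
```
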
