Infinite redirect - nginx

Question

I seem to be having an issue with an infinite redirect with nginx. This has been driving me crazy for the las half hour or so because I am unable to identify where the infinite redirect is occurring.

vHost:

Server ID : SuperUser Shell : sites-available/ > # cat example.com-ssl 
server {
    listen 80;
    server_name www.example.com example.com;
    return      301 https://www.example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;
    return      301 https://www.example.com$request_uri;

    # This is for troubleshooting
    access_log /var/log/nginx/www.example.com/access.log;
    error_log /var/log/nginx/www.example.com/error.log debug;
}

server {
    listen 443 default_server ssl;
    server_name www.example.com;

    ssl                         on;
    ssl_certificate             /etc/ssl/certs/www.example.com/2017/www.example.com.crt;
    ssl_certificate_key         /etc/ssl/certs/www.example.com/2017/www.example.com.key;
    ssl_trusted_certificate     /etc/ssl/certs/www.example.com/2017/www.example.com.ca-bundle;
    ssl_protocols               TLSv1.1 TLSv1.2;
    ssl_ciphers                 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers   on;
    ssl_session_cache           shared:SSL:10m;
    ssl_dhparam                 /etc/ssl/certs/www.example.com/2017/dhparam.pem;
    add_header                  Strict-Transport-Security "max-age=63072000; includeSubexamples; ";

    location / {
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   Host      $http_host;
        proxy_pass         http://127.0.0.1:2368;
    }

    access_log /var/log/nginx/www.example.com/access.log;
    error_log /var/log/nginx/www.example.com/error.log;
}
Server ID : SuperUser Shell : sites-available/ > #

Additional info:

I should also point out that this is a ghost blogging server and that I have updated config.js to reflect https instead of http:

Server ID : SuperUser Shell : ghost/ > # cat config.js 
// # Ghost Configuration
// Setup your Ghost install for various [environments](http://support.ghost.org/config/#about-environments).

// Ghost runs in `development` mode by default. Full documentation can be found at http://support.ghost.org/config/

var path = require('path'),
    config;

config = {

    // ### Production
    production: {

        url: 'https://www.example.com',
        mail: {},

        database: {
            client: 'sqlite3',
            connection: {
                filename: path.join(__dirname, '/content/data/ghost.db')
            },
            debug: false
        },

        server: {
            host: '0.0.0.0',
            port: '2368'
        }
    },

    // ### Development **(default)**
    development: {

        url: 'https://www.example.com',

        database: {
            client: 'sqlite3',
            connection: {
                filename: path.join(__dirname, '/content/data/ghost-dev.db')
            },
            debug: false
        },
    },

...

Server ID : SuperUser Shell : ghost/ > #

I also restarted this java process using pm2 (What I use to keep ghost running). I even went as far as stopping the process and starting it again

cURL output:

... Same thing as below for 49 times
* Ignoring the response-body
* Connection #0 to host www.example.com left intact
* Issue another request to this URL: 'https://www.example.com/'
* Found bundle for host www.example.com: 0x263b920
* Re-using existing connection! (#0) with host www.example.com
* Connected to www.example.com (123.45.67.89) port 443 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: www.example.com
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
* Server nginx/1.4.6 (Ubuntu) is not blacklisted
< Server: nginx/1.4.6 (Ubuntu)
< Date: Sat, 26 Nov 2016 08:56:23 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 63
< Connection: keep-alive
< X-Powered-By: Express
< Location: https://www.example.com/
< Vary: Accept, Accept-Encoding
< Strict-Transport-Security: max-age=63072000; includeSubdomains; 
< 
* Ignoring the response-body
* Connection #0 to host www.bestredflags.com left intact
* Maximum (50) redirects followed

Questions:

• Does anyone see where I am making my mistake?
• I copied my nginx configuration from my RHEL 7.3 server running nginx version: nginx/1.10.2 (where there are no issues) to my Ubuntu 14.04 running nginx version: nginx/1.4.6 (Ubuntu) could this be part of my problem?
  • I did not receive an error from nginx -t before pushing the vHost config change.
  • This leads me to think that there is not an issue with my vHost but a vHost misconfiguration also seems to be the logical choice.
• Something that I was wondering about earlier is that this seems quite a bit longer in nginx than redirecting null to www to https://www is in apache. Am I doing this right for nginx?
  • I am following documentation put forth here: https://www.digitalocean.com/community/tutorials/how-to-create-temporary-and-permanent-redirects-with-apache-and-nginx

I hope that this is not too much information. I definitely don't want to give too little information.

Thanks for any help / pointers.

Answer 1

This is super embarrassing but I found out when comparing configs that my production server that ghost does not need to have https specified in config.js. This caused my first infinite redirect loop.

PROD : SuperUser Shell : ghost/ > # grep sitename config.js 
        url: 'http://www.sitename.com',
        url: 'http://www.sitename.com',
PROD : SuperUser Shell : ghost/ > #

Secondly I received another redirect loop from CloudFlare when re-enabling DNS Protection

• To correct this issue go to the Overview tab > Settings Summary > Click on SSL and change SSL from "Flexible " to "Full (Strict)".