Nginx subdomain too many redirects

Question

I currently have a working Django + Gunicorn + Nginx setup for https://www.example.com and http://sub.example.com. Note the main domain has ssl whereas the subdomain does not.

This is working correctly with the following two nginx configs. First is www.example.com:

upstream example_app_server {
  server unix:/path/to/example/gunicorn/gunicorn.sock fail_timeout=0;
}

server {
 listen 80;
 server_name www.example.com;

 return 301 https://www.example.com$request_uri;
}

server {
    listen   443 ssl;
    server_name www.example.com;

    if ($host = 'example.com') {
      return 301 https://www.example.com$request_uri;
    }

    ssl_certificate       /etc/nginx/example/cert_chain.crt;
    ssl_certificate_key   /etc/nginx/example/example.key;
    ssl_session_timeout   1d;
    ssl_session_cache     shared:SSL:50m;
    ssl_protocols         TLSv1.1 TLSv1.2;
    ssl_ciphers           'ciphers removed to save space in post';
    ssl_prefer_server_ciphers   on;

    client_max_body_size 4G;

    access_log            /var/log/nginx/www.example.com.access.log;
    error_log             /var/log/nginx/www.example.com.error.log info;

    location /static {
      autoindex on;
      alias /path/to/example/static;
    }

    location /media {
      autoindex on;
      alias /path/to/example/media;
    }

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        if (!-f $request_filename) {
            proxy_pass http://example_app_server;
            break;
        }
    }
}

Next is sub.example.com:

upstream sub_example_app_server {
  server unix:/path/to/sub_example/gunicorn/gunicorn.sock fail_timeout=0;
}

server {
    listen   80;
    server_name sub.example.com;
    client_max_body_size 4G;
    access_log            /var/log/nginx/sub.example.com.access.log;
    error_log             /var/log/nginx/sub.example.com.error.log info;

    location /static {
      autoindex on;
      alias /path/to/sub_example/static;
    }

    location /media {
      autoindex on;
      alias /path/to/sub_example/media;
    }

    location / {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_redirect off;
      if (!-f $request_filename) {
        proxy_pass http://sub_example_app_server;
        break;
      }
    }
}

As mentioned, this is all working. What I am trying to do now is to use ssl on the subdomain as well. I have a second ssl certificate for this purpose which has been activated with the domain register for this subdomain.

I have updated the original nginx config from above for sub.example.com to have exactly the same format as example.com, but pointing to the relevant ssl cert/key etc:

upstream sub_example_app_server {
  server unix:/path/to/sub_example/gunicorn/gunicorn.sock fail_timeout=0;
}

server {
 listen 80;
 server_name sub.example.com;

 return 301 https://sub.example.com$request_uri;
}

server {
    listen   443 ssl;
    server_name sub.example.com;

    if ($host = 'sub.example.com') {
      return 301 https://sub.example.com$request_uri;
    }

    ssl_certificate       /etc/nginx/sub_example/cert_chain.crt;
    ssl_certificate_key   /etc/nginx/sub_example/example.key;
    ssl_session_timeout   1d;
    ssl_session_cache     shared:SSL:50m;
    ssl_protocols         TLSv1.1 TLSv1.2;
    ssl_ciphers           'ciphers removed to save space in post';
    ssl_prefer_server_ciphers   on;

    client_max_body_size 4G;

    access_log            /var/log/nginx/sub.example.com.access.log;
    error_log             /var/log/nginx/sub.example.com.error.log info;

    location /static {
      autoindex on;
      alias /path/to/sub_example/static;
    }

    location /media {
      autoindex on;
      alias /path/to/sub_example/media;
    }

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        if (!-f $request_filename) {
            proxy_pass http://sub_example_app_server;
            break;
        }
    }
}

I haven't changed anything with my domain register / dns because everything was already working correctly before adding the ssl for the subdomain. Not sure if there is something I need to change?

When browsing to http://sub.example.com I am redirected to https://sub.example.com, so that part appears to be working. However the site does not load and the browser error is: This page isn't working. sub.example.com redirected you too many times. ERR_TOO_MANY_REDIRECTS

https://www.example.com is still working.

I don't have any errors in my nginx or gunicorn logs. I can only guess I have configured something in the sub.example.com nginx config incorrectly.

Answer 1

The section in the ssl server configuration:

if ($host = 'sub.example.com') { return 301 sub.example.com$request_uri } 

is the problem. That rule will always be triggered. Removing it should eliminate the too many redirect errors.