HTTP to HTTPS Nginx too many redirects

后端 未结 3 849
闹比i
闹比i 2021-02-02 12:24

I have a website running on a LEMP stack. I have enabled cloudflare with the website. I am using the cloudflare flexible SSL certificate for https. When i open the website in ch

相关标签:
3条回答
  • 2021-02-02 12:58

    I tried

    if ($http_x_forwarded_proto = "http") {
          return 301 https://$server_name$request_uri;
      }
    

    But this not allways redirected. Manually write address in browser with begining http:// and nginx not redirected. But using $scheme it's working even manually entering http:// So (for my site) is always working variant:

     if ($scheme = "http") {
          return 301 https://$server_name$request_uri;
      }
    

    P.S. sorry for my english :(

    0 讨论(0)
  • 2021-02-02 13:01

    Kushal's reasoning is correct. Since you are using "Flexible" SSL between Cloudflare and your origin, you get into this redirect loop.

    This isn't ideal as traffic between Cloudflare and your origin is insecure. The best option is to have traffic encrypted.

    Go into Cloudflare's Dashboard, select Crypto, then choose a different SSL option that meets your needs. I'm using Full (strict) since I have the certs installed via let's encrypt.

    I would also suggest using https://nginxconfig.io/ to generate your config.

    From Cloudflare's Help:

    Why isn’t my site working over HTTPS? If you have recently signed up for Cloudflare, and your certificate status above shows “Authorizing Certificate”, HTTPS is not yet available for your site because Cloudflare does not have a certificate for it. Provisioning typically takes around 15 minutes for paid plans and up to 24 hours for Free. Contact Support if you do not have a certificate after that time. If the status above shows “Active Certificate” there are several other common problems that can appear when accessing your site over HTTPS.

    What SSL setting should I use? This setting controls how Cloudflare’s servers connect to your origin for HTTPS requests. We recommend enabling the Full SSL (Strict) setting if possible. Common use cases for each are:

    Off: No visitors will be able to view your site over HTTPS; they will be redirected to HTTP.

    Flexible SSL: You cannot configure HTTPS support on your origin, even with a certificate that is not valid for your site. Visitors will be able to access your site over HTTPS, but connections to your origin will be made over HTTP. Note: You may encounter a redirect loop with some origin configurations.

    Full SSL: Your origin supports HTTPS, but the certificate installed does not match your domain or is self-signed. Cloudflare will connect to your origin over HTTPS, but will not validate the certificate.

    Full (strict): Your origin has a valid certificate (not expired and signed by a trusted CA or Cloudflare Origin CA) installed. Cloudflare will connect over HTTPS and verify the cert on each request.

    0 讨论(0)
  • 2021-02-02 13:10

    Since you are using cloudflare flexible SSL your nginx config file wll look like this:-

    server {
      listen 80 default_server;
      listen [::]:80 default_server;
      server_name mydomain.com www.mydomain.com;
    
      if ($http_x_forwarded_proto = "http") {
          return 301 https://$server_name$request_uri;
      }
    
      root /var/www/html;
    
      index index.php index.html index.htm index.nginx-debian.html;
    
      location / {
         try_files $uri $uri/ =404;
      }
    
      location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/run/php/php7.0-fpm.sock;
      }
    
      location ~ /\.ht {
         deny all;
      }
    }
    
    0 讨论(0)
提交回复
热议问题