I'm trying to set up NGINX and Cloudflare. I've read about this on Google but nothing solved my problem. My Cloudflare is active at the moment. I removed all page rules in Cloudflare, but before I had domain.com and www.domain.com set to use HTTPS. I thought this could be causing the problem so I removed it. Here is my default NGINX file, with the purpose of allowing access only by domain name and forbidding access by the IP value of the website:
```nginx
server {
    # REDIRECT HTTP TO HTTPS
    listen 80 default;
    listen [::]:80 default ipv6only=on; ## listen for ipv6
    rewrite ^ https://$host$request_uri? permanent;
}
server {
    # REDIRECT IP HTTPS TO DOMAIN HTTPS
    listen 443;
    server_name numeric_ip;
    rewrite ^ https://www.domain.com;
}
server {
    # REDIRECT IP HTTP TO DOMAIN HTTPS
    listen 80;
    server_name numeric_ip;
    rewrite ^ https://www.domain.com;
}
server {
    listen 443 ssl;
    server_name www.domain.com domain.com;
    #rewrite ^ https://$host$request_uri? permanent;
    keepalive_timeout 70;
    ssl_certificate /ssl/is/working.crt;
    ssl_certificate_key /ssl/is/working.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    #ssl_dhparam /path/to/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM$
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security max-age=15768000;
    # (...) more ssl configs
```
What could be off? I'll provide more information if needed...
These questions with run-away redirects come up all the time!
Usually, the problem lies with the fact that 301 Moved Permanently responses are often cached within the browsers "for good", and there is often no way to Ctrl+R nor Ctrl+Shift+R out of it, short of clearing the whole cache. (This is one of the reasons I often prefer 302 Found / 302 Moved Temporarily instead, especially during the development phase, because 302 responses are generally not cached at all by default.)
Additionally, if you've had HSTS in the past, and it was successfully fetched and quietly installed by the browser under the hood, and was never explicitly cleared nor expired yet, then the browser would never make any subsequent requests over http:// until and unless the policy is cleared -- all requests would always be over https://.
As for putting CloudFlare into the mix, doesn't it alleviate the need to have so many different server definitions and redirects in the first place, since your IP address is supposed to be hidden? I'm not sure what good it does to presumably hide your IP address behind CloudFlare, yet openly reveal the domain name it serves for anyone doing a global internet scan.
As you already ran through all the "SSL modes" offered by CloudFlare, I would suggest to change all your 301 permanent redirects to 302 temporary redirects (if not remove all of these in entirety in the first place), clear the browser's cache, and then try circling around the ssl options again. :-)
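Because a browser may be replaying cached 301s or a stored HSTS policy, it helps to look at what the server chain really returns, hop by hop, from a client that has neither. The following is an added example, not part of the answer above: `trace`, `fetch` and the `SAMPLE` responses are names and data constructed for illustration, and `www.example.com` is a placeholder host.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
PERMANENT = {301, 308}  # cacheable by default, so a browser may replay them without asking

def fetch(url):
    """One uncached GET with no HSTS upgrade and no redirect following."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=10)
    try:
        conn.request("GET", (u.path or "/") + (f"?{u.query}" if u.query else ""))
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()

def trace(url, fetch=fetch, max_hops=10):
    """Follow Location headers by hand. Returns (hops, verdict)."""
    hops, seen = [], set()
    for _ in range(max_hops):
        if url in seen:
            return hops, "loop"  # this URL was already requested: run-away redirect
        seen.add(url)
        status, headers = fetch(url)
        hops.append({"url": url, "status": status,
                     "permanent": status in PERMANENT,
                     "hsts": headers.get("strict-transport-security")})
        if status not in REDIRECTS or "location" not in headers:
            return hops, "done"
        url = urljoin(url, headers["location"])  # Location may be relative
    return hops, "too many hops"

# Constructed responses (not captured from the asker's server): HTTP is sent to
# HTTPS with a 301, and the HTTPS URL answers with a 301 to itself plus HSTS.
SAMPLE = {
    "http://www.example.com/": (301, {"location": "https://www.example.com/"}),
    "https://www.example.com/": (301, {"location": "https://www.example.com/",
                                       "strict-transport-security": "max-age=15768000"}),
}

if __name__ == "__main__":
    hops, verdict = trace("http://www.example.com/", fetch=SAMPLE.__getitem__)
    for h in hops:
        print(h["status"], h["url"], "permanent" if h["permanent"] else "", h["hsts"] or "")
    print("verdict:", verdict)
```

Calling `trace("http://your-host/")` without the `fetch` argument performs real requests. A hop marked permanent or carrying an HSTS value is one the browser will keep honouring after the server config changes, until its cache or HSTS entry is cleared.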
Go to Page Rules section and check if you have an "always redirect to https" rule. I had it by default.
Source: https://stackoverflow.com/questions/35143193/cloudflare-and-nginx-too-many-redirects