Menu
I have a website running on a LEMP stack. I have enabled cloudflare with the website. I am using the cloudflare flexible SSL certificate for https. When i open the website in chrome it shows website redirected you too many times and in firefox has detected that the server is redirecting the request for this address in a way that will never complete. I have tried to see answers of other questions but none of them seem to solve the problem. NGINX conf file:-
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name mydomain.com www.mydomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
I would be highly grateful if anyone can point out what I am doing wrong.
441
Redirect HTTP to HTTPS version for Specified domain in Nginx Server_name domain-name.com www.domain-name.com – it specifies the domain names. So, replace it with your website domain name that you want to redirect. Return 301 https://domain-name.com$request_uri – it moves the traffic to the HTTPS version of the site.
Go to chrome://net-internals/#hsts . Enter example.com under Delete domain security policies and press the Delete button. Now go to chrome://settings/clearBrowserData , tick the box Cached images and files and press click the button Clear data. This helped me as well!!!
The ERR_TOO_MANY_REDIRECTS error occurs when the browser redirects from URL A to URL B, and then again from URL B to URL A, which again redirects to URL B, and so on and so forth. The browser recognizes this infinite redirect loop and throws up an error.
Since you are using cloudflare flexible SSL your nginx config file wll look like this:-
server { listen 80 default_server; listen [::]:80 default_server; server_name mydomain.com www.mydomain.com; if ($http_x_forwarded_proto = "http") { return 301 https://$server_name$request_uri; } root /var/www/html; index index.php index.html index.htm index.nginx-debian.html; location / { try_files $uri $uri/ =404; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php7.0-fpm.sock; } location ~ /\.ht { deny all; } } Kushal's reasoning is correct. Since you are using "Flexible" SSL between Cloudflare and your origin, you get into this redirect loop.
This isn't ideal as traffic between Cloudflare and your origin is insecure. The best option is to have traffic encrypted.
Go into Cloudflare's Dashboard, select Crypto, then choose a different SSL option that meets your needs. I'm using Full (strict) since I have the certs installed via let's encrypt.
I would also suggest using https://nginxconfig.io/ to generate your config.
From Cloudflare's Help:
Why isn’t my site working over HTTPS? If you have recently signed up for Cloudflare, and your certificate status above shows “Authorizing Certificate”, HTTPS is not yet available for your site because Cloudflare does not have a certificate for it. Provisioning typically takes around 15 minutes for paid plans and up to 24 hours for Free. Contact Support if you do not have a certificate after that time. If the status above shows “Active Certificate” there are several other common problems that can appear when accessing your site over HTTPS.
What SSL setting should I use? This setting controls how Cloudflare’s servers connect to your origin for HTTPS requests. We recommend enabling the Full SSL (Strict) setting if possible. Common use cases for each are:
Off: No visitors will be able to view your site over HTTPS; they will be redirected to HTTP.
Flexible SSL: You cannot configure HTTPS support on your origin, even with a certificate that is not valid for your site. Visitors will be able to access your site over HTTPS, but connections to your origin will be made over HTTP. Note: You may encounter a redirect loop with some origin configurations.
Full SSL: Your origin supports HTTPS, but the certificate installed does not match your domain or is self-signed. Cloudflare will connect to your origin over HTTPS, but will not validate the certificate.
Full (strict): Your origin has a valid certificate (not expired and signed by a trusted CA or Cloudflare Origin CA) installed. Cloudflare will connect over HTTPS and verify the cert on each request.
26
I tried
if ($http_x_forwarded_proto = "http") {
return 301 https://$server_name$request_uri;
}
But this not allways redirected. Manually write address in browser with begining http:// and nginx not redirected. But using $scheme it's working even manually entering http:// So (for my site) is always working variant:
if ($scheme = "http") {
return 301 https://$server_name$request_uri;
}
P.S. sorry for my english :(
32
The answer from Kushal is right. I had the same problem as yours.
I tried both solutions:
39
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
