symfony 3 Too Many Redirects when forcing https

Question

I have a problem that is similar to other question posted on SO, but none of those solutions have worked.

I'm using Apache built into OSX El Capitan Server, and https works fine when I don't force http traffic onto https via the following directive:

    access_control:
    - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https, host: mypc\.local$ }

But adding this results in the Too Many Redirects error when visiting the local uri for my website is: https://mypc.local/myproject/web/

full security.yml:

security:
  access_control:
    - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https, host: mypc\.local$ }

  providers:
    our_db_provider:
        entity:
            class: AppBundle:Users
            property: username

  encoders:
    AppBundle\Entity\Users: plaintext   

firewalls:
    # disable authentication for assets and the profiler 
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    main:
        pattern:    ^/
        http_basic: ~
        provider: our_db_provider

        anonymous: ~
        form_login:
            login_path: /
            check_path: login

        logout:
            path:   /logout
            target: /
            invalidate_session: true 

EDIT: here are the response headers:

> GET /myproject/web/ HTTP/1.1
> Host: mypc.local
> User-Agent: curl/7.43.0
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 09 Aug 2016 12:15:00 GMT
< Server: Apache
< X-Powered-By: PHP/5.5.31
< Cache-Control: no-cache
< Location: https://mypc.local/myproject/web/
< MS-Author-Via: DAV
< Content-Length: 396
< Content-Type: text/html; charset=UTF-8
< 
* Ignoring the response-body
* Connection #0 to host mypc.local left intact
* Issue another request to this URL: 'https://mypc.local/myproject/web/'
* Found bundle for host mypc.local: 0x7f89b2d01780
* Re-using existing connection! (#0) with host mypc.local
* Connected to mypc.local (fe80::ea06:88ff:fecf:61c6) port 443 (#0)
> GET /myproject/web/ HTTP/1.1
.... repeated 20 times

Answer 1

I had the same issue using Symfony behing AWS ELB and Beanstalk. All urls generated by UrlGenerator where with http scheme. And forcing https makes my Symfony confused and running infinite redirect loop.

This has something to do with trusted_proxies variable. I think symfony is doing an infinite loop because for him your scheme is http even if you use https.

Are you behind a varnish proxy, a load balancer?

For me using this answer from totas solved the issue :

Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR')));

I've been forced to do this because AWS ELB have dynamic IP. If your proxy or load balancer have a fix IP, you can use truted_proxies var as explained in symfony documentation.

If someone has a better solution in an AWS ELB environment I'm interested.

I hope this will help you.

Answer 2

Simply, Symfony configuration should not be the place where you redirect traffic, for two reasons:

1. Mantainability
2. Overhead

If you have mod rewrite enable, and you should have I suppose, you can configure these settings in Apache:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]