Share on Facebook0Tweet about this on TwitterShare on Google+0Share on Reddit0Digg thisPin on Pinterest0Email this to someone

I was recently working on setting up http to https redirects for multi domain site.

Using Nginx I added the redirect rule as below:

rewrite ^ https://$host$request_uri? permanent;

But no matter no what I did it would redirect to https and then time out in a redirect loop.

After many hours of looking around I finally found a Cloudflare Post Explaining:

Cloudflare’s Flexible SSL option can cause redirect loops when combined with certain configurations. Because all requests are sent to origins over HTTP when Flexible SSL is selected, an origin configured to redirect HTTP requests to HTTPS will cause a redirect loop, causing browsers to display “The page isn’t redirecting properly” or “ERR_TOO_MANY_REDIRECTS”.

Simply changing the SSL settings on Cloudflare from Flexible to Full made the http to https redirect work as expected.

Here is my full nginx config below for reference:

server {
        listen   80;
        listen   [::]:80;
        server_name  localhost;
        access_log  off;

        location / {
                # CONFIRM CLOUDFLARE SSL IS SET TO FULL FOR THIS TO WORK
                rewrite ^ https://$host$request_uri? permanent;
        }
}

server {
        listen   443;
        server_name  149.164.94.148 localhost;
        access_log  off;
  ssl on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED';
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_stapling on;
  ssl_dhparam /etc/nginx/ssl/dhparam2048.pem;
  ssl_certificate /etc/nginx/ssl/certificate.crt;
  ssl_certificate_key /etc/nginx/ssl/server.key;

location / {
                proxy_pass http://127.0.0.1:6001;
                proxy_set_header Host $http_host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Real-IP $remote_addr;
        }
}
If you enjoyed this post, why not leave a comment or consider a Donation as a token of your appreciation. If you need help implementing something you saw on this site or any other project why not Hire Me?
SOLVED: nginx http to https redirect loop cloudflare ssl
Tagged on:                                 

Leave a Reply

Your email address will not be published. Required fields are marked *

Loading Facebook Comments ...