Laravel/Homestead Nginx SSL Redirect Loop

I have seen other topics like this one: Nginx configuration leads to endless redirect loop, however I have tried all of the configurations with no change.
Problem: I want to force ALL routes to https in my Laravel 4 application but they always result in a redirect loop.
The nginx config is inside a Laravel Homestead environment. Here is the config:
    server {
        listen 80;
        server_name dev.subdomain.mysite.com;
        root /home/vagrant/sites/work/dev.subdomain.mysite.com/public;
        index index.html index.htm index.php;
        charset utf-8;
        location / {
            try_files $uri $uri/ /index.php?$query_string;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Url-Scheme $scheme;
            proxy_redirect off;
            proxy_max_temp_file_size 0;
        }
        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt { access_log off; log_not_found off; }
        access_log off;
        error_log /var/log/nginx/dev.subdomain.mysite.com-error.log error;
        error_page 404 /index.php;
        sendfile off;
        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
        }
        location ~ /\.ht {
            deny all;
        }
    }
    server {
        listen 443;
        server_name dev.subdomain.mysite.com;
        root /home/vagrant/sites/work/dev.subdomain.mysite.com/public;
        index index.html index.htm index.php;
        charset utf-8;
        location / {
            try_files / /index.php?;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Url-Scheme $scheme;
            proxy_redirect off;
            proxy_max_temp_file_size 0;
        }
        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt { access_log off; log_not_found off; }
        access_log off;
        error_log /var/log/nginx/dev.subdomain.mysite.com-error.log error;
        error_page 404 /index.php;
        sendfile off;
        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
        }
        location ~ /\.ht {
            deny all;
        }
        ssl on;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
    }
I have disabled all routes in my application, my .htaccess is the Laravel provided default. I'm not sure what else to try.

First off, Laravel Homestead uses 44300 as an alias for 443 on the vagrant box.
Your http to https redirect should also be accomplished simply by:
    server {
        listen 80;
        server_name mysite.com;
        return 301 https://example.com$request_uri;
    }
    server {
        listen 443;
        server_name example.com;
        root /home/vagrant/sites/work/example.com/public;
        [...] // All other Laravel-related stuff
    }
Secondly, you seem to be using a dev-site with Homestead, double check that your host-file and homestead.yaml are set up accordingly and everything is in order there.
Also, when making changes to SSL-certs and nginx-files, your safest bet is always to do a vagrant reload to make sure all edits are reloaded.

Facebook messenger bot callback url curl error 35

I am trying to create a Facebook Messenger bot. Everything works with Heroku. Then I transferred it to my own server, and I got the error "curl errno =35". I tried it with ngrok and it works fine on the server, but it does not work with my server.
Using Debian with nginx and Let's Encrypt.
The URL is preetombot.bddevwork.net
My settings:
    server {
        listen 80;
        server_name preetombot.bddevwork.net www.preetombot.bddevwork.net;
        #root /usr/share/nginx/www/preetombot.bddevwork.net;
        #return 301 https://$server_name$request_uri;
    }
    server {
        listen 443 default_server ssl http2;
        server_name preetombot.bddevwork.net www.preetombot.bddevwork.net;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_certificate /etc/letsencrypt/live/preetombot.bddevwork.net/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/preetombot.bddevwork.net/privkey.pem;
        ssl_trusted_certificate /test/ca-certs.pem;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM$
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_dhparam /test/dhparam.pem;
        root /usr/share/nginx/www/preetombot.bddevwork.net;
        index index.php index.html index.htm;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_pass http://localhost:5000$request_uri;
            proxy_redirect off;
            proxy_http_version 1.1;
        }
        location ~ /.well-known {
            allow all;
        }
        location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
            expires 365d;
        }
        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/www;
        }
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
I have multiple secure ports listening within a single server, in this case for FB bot I'm using port 8083.
    upstream botd {
        server application_1:8083 max_fails=3 fail_timeout=30s;
        keepalive 64;
    }
    server {
        listen 443 default_server;
        listen [::]:443 default_server;
        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;
        rewrite_log on;
        ssl on;
        server_name _;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log debug;
        ssl_certificate /etc/ssl/techie8.io/api.techie8.io.bundle;
        ssl_certificate_key /etc/ssl/techie8.io/api.techie8.io.key;
        # Botd skill.
        location /botd {
            proxy_redirect off;
            if (!-f $request_filename) {
                proxy_pass http://botd;
                break;
            }
        }
        # Techie8 API.
        location / {
            proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            #Timeout after 8 hours
            proxy_read_timeout 43200000;
            proxy_connect_timeout 43200000;
            proxy_redirect off;
            if (!-f $request_filename) {
                proxy_pass http://application;
                break;
            }
        }
    }
In Flask App:
    from flask import Flask, request

    app = Flask(__name__)
    # VERIFY_TOKEN, ACCESS_TOKEN, messaging_events() and send_message()
    # are defined elsewhere in the app.

    @app.route('/botd', methods=['GET'])
    def handle_verification():
        """Handle Token verification."""
        print("Handling Verification.")
        if request.args.get('hub.verify_token') == VERIFY_TOKEN:
            print("Verification successful!")
            return request.args.get('hub.challenge')
        else:
            print("Verification failed!")
            return 'Error, wrong validation token'

    @app.route('/botd', methods=['POST'])
    def handle_messages():
        """Echo each incoming message back to its sender."""
        print("Handling Incoming Messages\n")
        payload = request.get_data()
        print(payload)
        for sender, message in messaging_events(payload):
            print("Incoming Message from %s: %s" % (sender, message))
            # This line writes the page access token to stdout/logs.
            print("Access Token: %s" % ACCESS_TOKEN)
            send_message(ACCESS_TOKEN, sender, message)
        return "ok"
In Facebook WebHook Callback URL I have my host configured:
https://api.mycompany.io/botd

NGINX 2 domains on the same IP, want to redirect both to HTTPS

I have 2 domains running on my server, NGINX just proxies them to node apps. I have a certificate for one, but for the other I'm just using cloudflare to provide HTTPS. I want to ensure that when users visit either domain, they always get redirected to the HTTPS version of the domain, without a www. This is my current configuration, uncommenting the block for the domain2 configuration file seems to break both sites :(
domain1 config file:
    upstream domain1.com {
        server 127.0.0.1:8000;
        keepalive 8;
    }
    server {
        listen 0.0.0.0:80;
        server_name domain1.com www.domain1.com;
        return 301 https://domain1.com$request_uri;
    }
    server {
        #listen 80;
        listen 443 ssl http2;
        server_name domain1.com;
        access_log /var/log/nginx/domain1.com.log;
        root /var/www/domain1.com/client/public;
        include /etc/nginx/global/cloudflare-allow.conf;
        ssl_certificate /etc/nginx/ssl/domain1.crt;
        ssl_certificate_key /etc/nginx/ssl/domain1.key;
        if ($bad_referer) {
            return 444;
        }
        location / {
            proxy_http_version 1.1;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header Connection "";
            proxy_pass http://domain1.com;
            proxy_redirect off;
        }
        location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|webp)$ {
            expires 1M;
            access_log off;
            add_header Cache-Control "public";
        }
        # CSS and Javascript
        location ~* \.(?:css|js)$ {
            expires 1y;
            access_log off;
            add_header Cache-Control "public";
        }
        location ~* \.(?:rss|atom)$ {
            expires 1h;
            add_header Cache-Control "public";
        }
        location ~* \.(?:manifest|appcache|html?|xml|json)$ {
            expires -1;
        }
    }
    server {
        listen 443 ssl http2;
        server_name www.domain1.com;
        return 301 https://domain1.com$request_uri;
    }
domain2 config file:
    upstream domain2.com {
        server 127.0.0.1:9000;
        keepalive 8;
    }
    #server {
    #    listen 80;
    #    server_name domain2.com www.domain2.com;
    #    return 301 https://$server_name$request_uri;
    #}
    server {
        listen 80;
        #listen 443 ssl http2;
        server_name domain2.com;
        access_log /var/log/nginx/domain2.com.log;
        root /var/www/domain2.com;
        include /etc/nginx/global/cloudflare-allow.conf;
        if ($bad_referer) {
            return 444;
        }
        location / {
            proxy_http_version 1.1;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header Connection "";
            proxy_pass http://domain2.com;
            proxy_redirect off;
        }
        location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|webp)$ {
            expires 1M;
            access_log off;
            add_header Cache-Control "public";
        }
        # CSS and Javascript
        location ~* \.(?:css|js)$ {
            expires 1y;
            access_log off;
            add_header Cache-Control "public";
        }
        location ~* \.(?:rss|atom)$ {
            expires 1h;
            add_header Cache-Control "public";
        }
        location ~* \.(?:manifest|appcache|html?|xml|json)$ {
            expires -1;
        }
    }
When SSL is done through CloudFlare's Flexible SSL mode, communication to the origin is HTTP traffic over port 80.
In order to detect whether this traffic is HTTPS you can't use the HTTPS environment variable, you must then check if the X-Forwarded-Proto header is set to HTTPS instead.
You can do this in Nginx as follows:
    if ($http_x_forwarded_proto != "https") {
        rewrite ^(.*)$ https://$server_name$1 permanent;
    }
The easier way to do this is to simply set an "Always use HTTPS" Page Rule in CloudFlare.
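A fuller origin configuration for the Flexible SSL case described in this answer, as an added example that is not part of the original answer. It assumes `cloudflare-allow.conf` limits clients to Cloudflare's address ranges, and the upstream name `domain2_app` is hypothetical.

```nginx
# Added example. Assumes Cloudflare Flexible SSL: the edge terminates TLS and
# always reaches this origin over plain HTTP on port 80, passing the visitor's
# scheme in the X-Forwarded-Proto request header.

upstream domain2_app {            # hypothetical upstream name
    server 127.0.0.1:9000;
    keepalive 8;
}

# www -> bare domain, always on HTTPS
server {
    listen 80;
    server_name www.domain2.com;
    return 301 https://domain2.com$request_uri;
}

server {
    listen 80;
    server_name domain2.com;

    # Assumed to restrict clients to Cloudflare's address ranges. Without such
    # a restriction any direct client can send its own X-Forwarded-Proto value.
    include /etc/nginx/global/cloudflare-allow.conf;

    # $scheme is always "http" on this listener, so redirecting on $scheme
    # (or unconditionally) loops forever. Redirect only when the visitor's
    # connection to the edge was not HTTPS.
    if ($http_x_forwarded_proto != "https") {
        return 301 https://domain2.com$request_uri;
    }

    location / {
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Pass the visitor's scheme on so the Node app can build https:// URLs.
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_set_header Connection "";
        proxy_pass http://domain2_app;
    }
}
```

Check the result with `nginx -t` before reloading.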

Nginx reverse proxy causing infinite loop

I have the following in my Nginx site config file:
    server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        root /usr/share/nginx/html;
        index index.php index.html index.htm;
        server_name example.com;
        location / {
            try_files $uri $uri/ /index.php?q=$uri&$args;
        }
        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
        }
    }
    server {
        listen 80;
        server_name example2.com;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $host;
            proxy_pass http://localhost/page-1/;
        }
    }
The issue only seems to occur when I add the proxy_set_header Host $host; line. It appears that the $host variable creates a redirect loop and the GET request from the error server logs goes something like this ...page-1/page-1/page-1/page-1... with the server responding with an internal error 500.
I'd be really grateful if anyone could tell me what I'm doing wrong. Many thanks in advance!
I had the same issue, and as suggested by Alexey Ten, the solution is to remove the Host header.

Nginx Config Endless Loop (redirect HTTP to HTTPS)

I'm a bit stuck. I'm setting up a new installation of JTL-Shop3 on Nginx. But whenever I call https://www.domain.tld/ it becomes http://www.domain.tld/ and the other way around and ends up showing an error because the webpage is redirecting in a loop.
Here is my nginx config for Non-SSL
    # redirect non www to www
    server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        server_name trendboxx.eu www.trendboxx.eu;
        return 301 https://www.trendboxx.eu$request_uri;
    }
And here the config for the SSL vhost
    server {
        listen 443 ssl;
        ssl on;
        ssl_certificate /srv/www/trendboxx.eu/certificates/www.trendboxx.eu.crt;
        ssl_certificate_key /srv/www/trendboxx.eu/certificates/www.trendboxx.eu.key;
        server_name www.trendboxx.eu;
        access_log /srv/www/trendboxx.eu/logfiles/nginx.access.log;
        error_log /srv/www/trendboxx.eu/logfiles/nginx.error.log;
        root /srv/www/trendboxx.eu/public_html;
        index index.php;
        location / {
            # try file => folder => JTL-Shop3 Search
            try_files $uri $uri/ /index.php?q=$uri$args;
        }
        # error pages
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
        # JTL-Shop3 expires for static files
        location ~* \.(eot|ttf|woff|css|less)$ {
            expires max;
            add_header Access-Control-Allow-Origin *;
            add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
            access_log off;
            log_not_found off;
        }
        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
            access_log off;
            log_not_found off;
        }
        # PHP handler
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_read_timeout 180;
            proxy_read_timeout 180;
        }
        # deny access to hidden files
        location ~ /\. {
            deny all;
        }
    }
I am grateful for every hint on how to solve this problem.

How to redirect two domains in ssl?

I have the domain englishname.ca that I want to redirect to englishname.com. I did some configuration and it works with HTTP but not with HTTPS. When I go to http://englishname.ca, I'm redirected to http://englishname.com, but when I go to https://englishname.ca, I'm not redirected.
This is my conf :
    server {
        server_name 162.243.216.109 staging.frenchname.com staging.englishname.ca staging.singularenglishname.com;
        add_header X-Frame-Options "SAMEORIGIN";
        rewrite ^/(.*)$ $scheme://staging.englishname.com/$1 permanent;
    }
    server {
        listen 80 default deferred;
        server_name www.englishname.com staging.englishname.com;
        root /home/deployer/apps/site/current/public;
        location ^~ /assets/ {
            gzip_static on;
            expires max;
            add_header Cache-Control public;
        }
        try_files $uri/index.html $uri @unicorn;
        location @unicorn {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            proxy_pass http://unicorn;
        }
        error_page 500 502 503 504 /500.html;
        client_max_body_size 4G;
        keepalive_timeout 10;
    }
    server {
        listen 443 default ssl;
        server_name www.englishname.com staging.englishname.com;
        root /home/deployer/apps/site/current/public;
        ssl on;
        ssl_certificate /etc/ssl/certs/www.englishname.crt;
        ssl_certificate_key /etc/ssl/private/www.englishname.key;
        ssl_session_timeout 5m;
        ssl_protocols sslv3 tlsv1 tlsv1.1 tlsv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location ^~ /assets/ {
            gzip_static on;
            expires max;
            add_header Cache-Control public;
        }
        try_files $uri/index.html $uri @unicorn;
        location @unicorn {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_redirect off;
            proxy_pass http://unicorn;
        }
        error_page 500 502 503 504 /500.html;
        client_max_body_size 4G;
        keepalive_timeout 10;
    }
What can I do?
I found the answer, I simply added those lines :
    server {
        listen 443;
        server_name 162.243.216.109 staging.lescollectionneursassocies.com staging.associatedartcollectors.ca staging.associatedartcollector.com;
        add_header X-Frame-Options "SAMEORIGIN";
        rewrite ^/(.*)$ $scheme://staging.associatedartcollectors.com/$1 permanent;
    }
It's the same lines as the beginning but with listen 443.