I've got a problem with my nginx config. I've got a domain that is running using Cloudflare DNS proxied records. Main site and subdomain (with Portainer) have got SSL certificates from Let's Encrypt. When I want to enter the main site or my subdomain, I get a "too many redirections" error. When I turn off the proxied option in Cloudflare, everything works properly. I don't know where to search for the problem. Here's the nginx.conf file:

    http {
        # HTTP Redirect to HTTPS for my website
        server {
            listen 80;
            server_name mydomain.pl www.mydomain.pl;
            return 301 https://mydomain.pl;
        }
        server {
            if ($host = www.mydomain.pl) {
                return 301 https://$host$request_uri;
            } # managed by Certbot
            if ($host = mydomain.pl) {
                return 301 https://$host$request_uri;
            } # managed by Certbot
            listen 80;
            server_name mydomain.pl www.mydomain.pl;
            return 404; # managed by Certbot
        }
    }

And here's nginx default site config file:

    server {
        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;
        server_name domain.pl; # managed by Certbot
        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/sub.domain.pl/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/sub.domain.pl/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }
    server {
        if ($host = mydomain.pl) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
        listen 80 ;
        listen [::]:80 ;
        server_name mydomain.pl;
        return 404; # managed by Certbot
    }
    # Redirect sub.domain.com to Portainer using nginx proxy
    server {
        server_name sub.mydomain.pl;
        location / {
            proxy_set_header Host $host;
            proxy_pass https://mydomain.pl:9443;
            proxy_redirect off;
        }
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/sub.domain.pl/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/sub.domain.pl/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }
    server {
        if ($host = sub.mydomain.pl) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
        listen 80;
        server_name sub.mydomain.pl;
        return 404; # managed by Certbot
    }

I would be grateful if anyone would point out where I made a mistake and explain how to solve this problem.
User response:
If you are already supporting TLS on your origin server, it's best to let Cloudflare handle the redirect from HTTP to HTTPS and then configure Cloudflare to always use HTTPS when contacting your origin server. In this way, there is no possibility of misconfiguration/conflict between Cloudflare and your origin server.
In your Cloudflare Dashboard:
- In the SSL/TLS > Overview tab, use Full (strict)
- In the SSL/TLS > Edge Certificates tab, enable Always use HTTPS
In this way, all HTTP requests proxied by Cloudflare will be redirected by Cloudflare to HTTPS, then all requests from Cloudflare to your webserver will be made over HTTPS.
You can also read more at this Support article to continue troubleshooting if needed.
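
The following model of the loop is an added example, not code from the question or the answer. It assumes the zone was in Cloudflare's Flexible encryption mode (the page does not say which mode was active), where the edge always talks to the origin over plain HTTP; the function names and the simplified edge behaviour are illustrative.

```python
from urllib.parse import urlsplit

MAX_REDIRECTS = 20  # assumed client limit before "too many redirects"

def origin(scheme, host, path):
    """Origin nginx as posted: port 80 answers 301 to https, port 443 serves content."""
    if scheme == "http":
        return 301, f"https://{host}{path}"
    return 200, None

def edge(client_scheme, host, path, mode, always_https):
    """Simplified Cloudflare edge; `mode` is the SSL/TLS encryption mode."""
    if always_https and client_scheme == "http":
        return 301, f"https://{host}{path}"  # redirect issued by the edge itself
    # Flexible: edge -> origin is always plain HTTP, whatever the visitor used.
    # Full / Full (strict): edge -> origin uses the scheme the visitor used.
    upstream_scheme = "http" if mode == "flexible" else client_scheme
    return origin(upstream_scheme, host, path)  # origin's answer is passed through

def follow(url, mode, always_https=False):
    """Follow redirects like a browser; return (outcome, list of URLs requested)."""
    hops = []
    while len(hops) < MAX_REDIRECTS:
        hops.append(url)
        parts = urlsplit(url)
        status, location = edge(parts.scheme, parts.netloc,
                                parts.path or "/", mode, always_https)
        if status == 200:
            return "ok", hops
        url = location
    return "too many redirects", hops

if __name__ == "__main__":
    # Constructed scenarios: the assumed failing setup, then the answer's settings.
    for mode, always in (("flexible", False), ("flexible", True),
                         ("full_strict", True)):
        outcome, hops = follow("http://mydomain.pl/", mode, always)
        print(f"{mode:11} always_https={always}: {outcome} "
              f"after {len(hops)} request(s)")
```

In the model, enabling Always use HTTPS while staying in Flexible mode still loops, because the origin keeps seeing port 80 traffic and keeps answering 301.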