TransWikia.com

nginx ERR_TOO_MANY_REDIRECTS when working with resolver and variables for proxy_pass

Server Fault Asked by mles on February 1, 2021

I have an nginx.conf with four different hosts and an http to https redirect. All the hosts are similarly configured, therefore I’m only including the parts that are different for hosts 2, 3 and 4.

events {}
http {

  proxy_send_timeout 120;
  proxy_read_timeout 300;
  proxy_buffering    off;
  keepalive_timeout  5 5;
  tcp_nodelay        on;

  server {
    listen 80 default_server;
    listen [::]:80 default_server;
    return 301 https://$host$request_uri;
  }

  server {
    listen       443 ssl;
    server_name  confluence6.company.com;

    # allow large uploads of files
    client_max_body_size 1G;

    # optimize downloading files larger than 1G
    #proxy_max_temp_file_size 2G;

    ssl_certificate      /etc/letsencrypt/live/confluence6.company.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/confluence6.company.com/privkey.pem;

    # from Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
      resolver 127.0.0.11;
      set $confluence_old "confluence6:8090/";
      proxy_pass http://$confluence_old;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto "https";
    }
  }

  server {
    listen       443 ssl;
    server_name  confluence7.company.com;
    ...
    location / {
      resolver 127.0.0.11;
      set $confluence "confluence7:8090/";
      proxy_pass http://$confluence;
      ...
    }
  }

  server {
    listen       443 ssl;
    server_name  jira7.company.com;
    ...
    location / {
      resolver 127.0.0.11;
      set $jira_old "jira7:8080/";
      proxy_pass http://$jira_old;
      ...
    }
  }

  server {
    listen       443 ssl;
    server_name  jira8.company.com;
    ...
    location / {
      resolver 127.0.0.11;
      set $jira "jira8:8080/";
      proxy_pass http://$jira;
      ...
    }
  }

}

In the location part I’m using the combo of the resolver and the proxy_pass as a variable so that nginx starts when not all hosts are up (solution from here). Unfortunately I’m getting ERR_TOO_MANY_REDIRECTS with any host now.

Setting the proxy_pass directly removes the redirect loop:

    location / {
      resolver 127.0.0.11;
      proxy_pass http://jira8:8080/;
      ...
    }

But then I can’t start nginx if all hosts are not up. Currently I have a workaround of always commenting out all the hosts that do not work.

All of the hosts are docker containers, which are configured to deliver https like this:

  jira8:
    container_name: jira8
    environment:
      ATL_PROXY_NAME: jira8.company.com
      ATL_PROXY_PORT: "443"
      ATL_TOMCAT_SCHEME: https
      ATL_TOMCAT_SECURE: "true"
      JVM_MAXIMUM_MEMORY: 3072m
    expose:
      - "8080"
    image: atlassian/jira-software:8.11
    networks:
      atlassian-network:
        aliases:
          - jira8
    ports:
      - "8081:8080"
    restart: always
    volumes:
      - /root/jira-home:/var/atlassian/application-data/jira
      - /root/mysql-connector-java-5.1.45-bin.jar:/opt/atlassian/jira/lib/mysql-connector-java-5.1.45-bin.jar

What does my nginx.conf have to look like in order to not have a redirect loop and still be able to start nginx even if not all hosts are up?

One Answer

The only redirect I see is the 301 from HTTP to HTTPS. Don't use 301 in the testing phase! Better to use a temporary 303. Can you configure your Confluence at all places to deliver HTTPS instead of HTTP? Then you shouldn't get endless redirection. Otherwise, you can also intercept and rewrite the redirects coming from your back end that are sent to (and executed by) the client. https://serverfault.com/a/986034/304842

Answered by uav on February 1, 2021
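
One way to keep the variable-based proxy_pass (so nginx still starts while a container is down) without the loop, shown for the confluence6 host from the question. This is an added example, not part of the original post or answer; it rests on nginx's documented rule that a URI part in a proxy_pass containing variables is sent upstream as is, replacing the original request URI.

```nginx
# Added example, not from the question or the answer.
# Names, ports and paths are the ones the question gives for confluence6.
events {}
http {
  server {
    listen 80 default_server;
    listen [::]:80 default_server;
    return 301 https://$host$request_uri;
  }

  server {
    listen       443 ssl;
    server_name  confluence6.company.com;

    ssl_certificate      /etc/letsencrypt/live/confluence6.company.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/confluence6.company.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
      # Docker's embedded DNS. Because proxy_pass below contains a variable,
      # the name is resolved per request, so nginx starts even when the
      # container is down.
      resolver 127.0.0.11;

      # Before (loops): the variable ends in "/", which is a URI part.
      # With variables in proxy_pass, a URI given in the directive is sent
      # upstream as is and replaces the original request URI, so every
      # request arrives at the backend as "/".
      #   set $confluence_old "confluence6:8090/";

      # After: host and port only. With no URI part, nginx forwards the
      # original request URI unchanged.
      set $confluence_old "confluence6:8090";
      proxy_pass http://$confluence_old;

      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto "https";
    }
  }
}
```

Because proxy_pass uses a variable here, `proxy_redirect default` is not permitted; if the backend's Location headers need rewriting, as the answer suggests, the mapping has to be written out explicitly.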
