Server Fault Asked by mles on February 1, 2021
I have an nginx.conf
with four different hosts and an http to https redirect. All the hosts are similar configured, therefore I’m only including the parts that are different for hosts 2,3 and 4.
events {}
http {
proxy_send_timeout 120;
proxy_read_timeout 300;
proxy_buffering off;
keepalive_timeout 5 5;
tcp_nodelay on;
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name confluence6.company.com;
# allow large uploads of files
client_max_body_size 1G;
# optimize downloading files larger than 1G
#proxy_max_temp_file_size 2G;
ssl_certificate /etc/letsencrypt/live/confluence6.company.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/confluence6.company.com/privkey.pem;
# from Certbot
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
resolver 127.0.0.11;
set $confluence_old "confluence6:8090/";
proxy_pass http://$confluence_old;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
}
}
server {
listen 443 ssl;
server_name confluence7.company.com;
...
location / {
resolver 127.0.0.11;
set $confluence "confluence7:8090/";
proxy_pass http://$confluence;
...
}
}
server {
listen 443 ssl;
server_name jira7.company.com;
...
location / {
resolver 127.0.0.11;
set $jira_old "jira7:8080/";
proxy_pass http://$jira_old;
...
}
}
server {
listen 443 ssl;
server_name jira8.company.com;
...
location / {
resolver 127.0.0.11;
set $jira "jira8:8080/";
proxy_pass http://$jira;
...
}
}
}
In the location
part I’m using the combo with the resolver and the proxy_pass as variable so that the nginx starts when not all hosts are up (solution from here). Unfortunately I’m getting the ERR_TOO_MANY_REDIRECTS
with any host now.
Setting the the proxy_pass
directly removes the redirect loop:
location / {
resolver 127.0.0.11;
proxy_pass http://jira8:8080/;
...
}
But then I can’t start nginx if all hosts are not up. Currently I have a workaround always commenting out all the hosts that do not work.
All of the hosts are docker containers, which are configured to deliver https like this:
jira8:
container_name: jira8
environment:
ATL_PROXY_NAME: jira8.company.com
ATL_PROXY_PORT: "443"
ATL_TOMCAT_SCHEME: https
ATL_TOMCAT_SECURE: "true"
JVM_MAXIMUM_MEMORY: 3072m
expose:
- "8080"
image: atlassian/jira-software:8.11
networks:
atlassian-network:
aliases:
- jira8
ports:
- "8081:8080"
restart: always
volumes:
- /root/jira-home:/var/atlassian/application-data/jira
- /root/mysql-connector-java-5.1.45-bin.jar:/opt/atlassian/jira/lib/mysql-connector-java-5.1.45-bin.jar
How does my nginx.conf
have to look like in order to not have a redirect loop and still be able to start nginx even if not all hosts are up?
The only redirect I see is the 301 from HTTP to HTTPS. Don't use 301 in testing phase! Better use temporary 303. Can you configure your Confluence at all places to deliver HTTPS instead of HTTP? Then you shouldn't get endless redirection. Otherwise, you can also intercept and rewrite the redirects coming from your back end - sent to (and executed by) the client. https://serverfault.com/a/986034/304842
Answered by uav on February 1, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP