
ERR_TOO_MANY_REDIRECTS after enabling SSL LE

Open w33zy opened this issue 6 years ago • 9 comments

System Information
| OS | Linux 4.15.0-42-generic #45-Ubuntu SMP Thu Nov 15 19:32:57 UTC 2018 x86_64 |
| Shell | /bin/bash |
| PHP binary | /usr/bin/php7.2 |
| PHP version | 7.2.13-1+ubuntu18.04.1+deb.sury.org+1 |
| php.ini used | /etc/php/7.2/cli/php.ini |
| EE root dir | phar://ee.phar |
| EE vendor dir | phar://ee.phar/vendor |
| EE phar path | /opt/easyengine/services/nginx-proxy |
| EE packages dir | |
| EE global config | /opt/easyengine/config/config.yml |
| EE project config | |
| EE version | 4.0.9 |
Client:
 Version:           18.09.1
 API version:       1.39
 Go version:        go1.10.6
 Git commit:        4c52b90
 Built:             Wed Jan  9 19:35:31 2019
 OS/Arch:           linux/amd64
 Experimental:      false
Server: Docker Engine - Community
 Engine:
  Version:          18.09.1
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.6
  Git commit:       4c52b90
  Built:            Wed Jan  9 19:02:44 2019
  OS/Arch:          linux/amd64
  Experimental:     false
docker-compose version 1.23.2, build 1110ad01
docker-py version: 3.6.0
CPython version: 3.6.7
OpenSSL version: OpenSSL 1.1.0f  25 May 2017

I have just enabled SSL on a site that was initially created without the SSL flag. So the site was up and running on the non-HTTPS version of the URL. Now, I went ahead and enabled SSL via the ee site update example.com --ssl=le command. Now the site won't load and browsers are complaining about ERR_TOO_MANY_REDIRECTS.

While trying to troubleshoot this issue I came across the /opt/easyengine/services/nginx-proxy/conf.d/example.com-redirect.conf file and noticed that it has an entry for www.example.com for the server_name values. This doesn't seem correct.

I have done an ee site reload example.com after changing those entries to example.com, however the issue remains.

w33zy avatar Jan 23 '19 16:01 w33zy

Hey @w33zy, is this a WP site or a php? I've had similar issues in the past which can be related to Cloudflare SSL certificates or a missing check with $_SERVER['HTTP_X_FORWARDED_PROTO'] and $_SERVER['HTTPS'] in PHP scripts.

Please refer to https://community.easyengine.io/t/redirect-loop-issues/11989/3

TimLamoureux avatar Jan 23 '19 17:01 TimLamoureux

The site was created using ee site create example.com --type=wp.

I have tried disabling that code block in my wp-config.php and the problem is still the same.

One of the issues I am having is that I can't follow the exact path a request takes because I am not familiar with Docker and the file paths in relation to the need for proxies and such.

w33zy avatar Jan 23 '19 18:01 w33zy

I do agree it is hard to follow the request path. Any tool or documentation to help with that from the EE team would be welcomed :)

Another thing I can think of is if your WP install points to either www or non-www and your ssl is set up for the opposite. Make sure they are both consistent by looking at your WP Settings (might have to use phpmyadmin since you can't connect anymore) and your /opt/easyengine/services/nginx-proxy/conf.d/example.com-redirect.conf. That file is supposed to redirect from www to non-www or vice-versa according to your setup.

TimLamoureux avatar Jan 23 '19 18:01 TimLamoureux

I just checked my wp_options table and my site_name and home values are set to https://example.com.

w33zy avatar Jan 23 '19 18:01 w33zy

This Docker thing is ridiculous!

I have renamed example.com-redirect.conf to example.com-redirect.bak and the problem is still the same.

I have commented out sections of /opt/easyengine/services/nginx-proxy/conf.d/default.conf, ran ee service reload nginx-proxy, then the file reverts my edits and the problem remains.

Strangely though I am able to access https://example.com/ee-admin/ without any issues.

w33zy avatar Jan 23 '19 21:01 w33zy

Are you using Cloudflare for your DNS by any chance? Other people have experienced issues with conflicting SSL certificates from CF.

My understanding is that those configuration files are created automatically by the nginx-proxy. There should not be any direct edit there as they will get overwritten when restarting the site.

What is the content of your example.com-redirect.conf?

Try adding test.php with

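<?php // Request headers are client-influenced, so escape before echoing; ?? avoids undefined-index notices. ?>
<p>Testing for a php script without WP running.</p>
<p>HTTPS: <?php echo htmlspecialchars($_SERVER['HTTPS'] ?? ''); ?></p>
<p>HTTP_X_FORWARDED_PROTO: <?php echo htmlspecialchars($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? ''); ?></p>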

Make sure it is owned by www-data:www-data. Access it with example.com/test.php. What's the result?

TimLamoureux avatar Jan 23 '19 22:01 TimLamoureux

@aparadox I don't use CF and here is my example.com-redirect.conf file.

I'll post the results of that test tomorrow.

server {
        listen  80;
        server_name  example.com;
        return  301 https://example.com$request_uri;
}
server {
        listen  443;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
        ssl_prefer_server_ciphers on;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/certs/example.com.crt;
        ssl_certificate_key /etc/nginx/certs/example.com.key;
        server_name  example.com;
        return  301 https://example.com$request_uri;
}

w33zy avatar Jan 24 '19 01:01 w33zy

@aparadox Here is the result from that script

Testing for a php script without WP running.
HTTPS:

HTTP_X_FORWARDED_PROTO: https

w33zy avatar Jan 24 '19 13:01 w33zy

Server_name in both of those redirect blocks should be www.example.com. The purpose of those is to redirect users from the www to the non-www version. You're continuously redirecting example.com to example.com.

I am not sure if ee site reload reloads the proxy as well. Try running ee service restart nginx-proxy after you reload the individual site, after you fix those server names.

jknight2014 avatar Feb 22 '19 20:02 jknight2014
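
The self-redirect described in the last reply can be checked offline before reloading the proxy. The following is an added example, not part of the thread and not EasyEngine code: the function names are hypothetical, the sample is constructed from the redirect file posted above (TLS directives omitted), and it assumes flat server blocks with exact-match server_name values only.

```python
import re
# Constructed sample: the two redirect blocks posted in the thread, TLS directives omitted.
BROKEN = """
server {
        listen  80;
        server_name  example.com;
        return  301 https://example.com$request_uri;
}
server {
        listen  443;
        server_name  example.com;
        return  301 https://example.com$request_uri;
}
"""
# Same file with the server_name values the last reply recommends.
FIXED = BROKEN.replace("server_name  example.com;", "server_name  www.example.com;")

def parse_blocks(conf):
    """Parse flat server blocks into dicts of ports, names and redirect target."""
    conf = re.sub(r"#[^\n]*", "", conf)               # drop comments
    blocks = []
    for body in re.findall(r"server\s*\{([^{}]*)\}", conf):
        blk = {"ports": set(), "names": set(), "target": None}
        for words in (w for w in map(str.split, body.split(";")) if len(w) > 1):
            if words[0] == "listen":
                port = words[1].rsplit(":", 1)[-1]    # "443" or "[::]:443"
                blk["ports"].add(int(port) if port.isdigit() else 80)
            elif words[0] == "server_name":
                blk["names"].update(w.lower() for w in words[1:])
            elif words[0] == "return":
                m = re.match(r"(https?)://([^/:$]+)(?::(\d+))?", words[-1])
                if m:                                 # absolute redirects only
                    port = int(m.group(3) or (443 if m.group(1) == "https" else 80))
                    blk["target"] = (m.group(2).lower(), port)
        blocks.append(blk)
    return blocks

def trace(conf, host, port):
    """Follow redirects inside this file; return (hops, loops_forever)."""
    blocks, hops, here = parse_blocks(conf), [], (host.lower(), port)
    while here not in hops:
        hops.append(here)
        match = next((b for b in blocks if here[0] in b["names"]
                      and here[1] in b["ports"] and b["target"]), None)
        if match is None:
            return hops, False        # request leaves this file: no loop here
        here = match["target"]
    return hops, True                 # revisited a (host, port): redirect loop
```

A port 80 block that redirects to https on the same name is a normal upgrade; only a block whose target lands back on its own name and port is reported as a loop.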