HTTP to HTTPS Nginx too many redirects
Since you are using cloudflare flexible SSL your nginx config file wll look like this:-
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name mydomain.com www.mydomain.com;
if ($http_x_forwarded_proto = "http") {
return 301 https://$server_name$request_uri;
}
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
The answer from Kushal is right. I had the same problem as yours.
I tried both solutions:
- taking the configuration from Kushal
- choosing in Cloudflare from "Flexible" to "Full (strict)" and keep your current configuration
I tried
if ($http_x_forwarded_proto = "http") {
return 301 https://$server_name$request_uri;
}
But this not allways redirected. Manually write address in browser with begining http:// and nginx not redirected. But using $scheme it's working even manually entering http:// So (for my site) is always working variant:
if ($scheme = "http") {
return 301 https://$server_name$request_uri;
}
P.S. sorry for my english :(
Kushal's reasoning is correct. Since you are using "Flexible" SSL between Cloudflare and your origin, you get into this redirect loop.
This isn't ideal as traffic between Cloudflare and your origin is insecure. The best option is to have traffic encrypted.
Go into Cloudflare's Dashboard, select Crypto, then choose a different SSL option that meets your needs. I'm using Full (strict) since I have the certs installed via let's encrypt.
I would also suggest using https://nginxconfig.io/ to generate your config.
From Cloudflare's Help:
Why isn’t my site working over HTTPS? If you have recently signed up for Cloudflare, and your certificate status above shows “Authorizing Certificate”, HTTPS is not yet available for your site because Cloudflare does not have a certificate for it. Provisioning typically takes around 15 minutes for paid plans and up to 24 hours for Free. Contact Support if you do not have a certificate after that time. If the status above shows “Active Certificate” there are several other common problems that can appear when accessing your site over HTTPS.
What SSL setting should I use? This setting controls how Cloudflare’s servers connect to your origin for HTTPS requests. We recommend enabling the Full SSL (Strict) setting if possible. Common use cases for each are:
Off: No visitors will be able to view your site over HTTPS; they will be redirected to HTTP.
Flexible SSL: You cannot configure HTTPS support on your origin, even with a certificate that is not valid for your site. Visitors will be able to access your site over HTTPS, but connections to your origin will be made over HTTP. Note: You may encounter a redirect loop with some origin configurations.
Full SSL: Your origin supports HTTPS, but the certificate installed does not match your domain or is self-signed. Cloudflare will connect to your origin over HTTPS, but will not validate the certificate.
Full (strict): Your origin has a valid certificate (not expired and signed by a trusted CA or Cloudflare Origin CA) installed. Cloudflare will connect over HTTPS and verify the cert on each request.