certbot / certbot

Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.

Infinite redirect for Nginx ProxyPass

TheArctesian opened this issue · comments

If you're having trouble using Certbot and aren't sure you've found a bug or
request for a new feature, please first try asking for help at
https://community.letsencrypt.org/. There is a much larger community there of
people familiar with the project who will be able to more quickly answer your
questions.

My operating system is (include version):

Arch-6.0.2

I installed Certbot with (snap, OS package manager, pip, certbot-auto, etc):

pacman -S certbot certbot-nginx
certbot-nginx is not in the pacman package so I installed it separately

I ran this command and it produced this output:

I had a very simple http nginx proxy pass

worker_processes    1;
events {
    worker_connections  1024;
}

http {
    server {
        listen 80;
        server_name www.danielokita.com;
        location / {
            proxy_pass http://172.104.177.135:3333/;
        }
    }
}

This worked fine, so I added HTTPS with certbot --nginx

My config then looked like

worker_processes    1;
events {
    worker_connections  1024;
}

http {
    server {
        server_name danielokita.com www.danielokita.com;
        location / {
            proxy_pass http://172.104.177.135:3333/;
        }

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/danielokita.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/danielokita.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

    server {
        if ($host = danielokita.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        listen 80;
        server_name danielokita.com www.danielokita.com;
        return 404; # managed by Certbot
    }
}

Certbot's behavior differed from what I expected because:

The website reloads every 5 seconds when visiting it; one can check this out on this link. The HTTPS cert is working fine but something is still wrong.

I tried adding in

location / {
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_set_header        Host $http_host;
    proxy_intercept_errors  on;
    proxy_pass http://172.104.177.135:3333/;
}

Back to the same output.

Here is a Certbot log showing the issue (if available):

Logs are stored in /var/log/letsencrypt by default. Feel free to redact domains, e-mail and IP addresses as you see fit.

There is no problem with the logs so I'm not going to add them, just what it did to my nginx config, which I can't figure out why it's messing up.

It doesn't look like there's anything wrong with the nginx configuration.

From what I can tell, the reloads are being initiated by the JavaScript in your website. We can't help debug web development issues on this issue tracker, sorry.
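
An added example, not part of the issue thread or of Certbot's code: one way to check whether a "redirect loop" is server-side is to follow the Location headers by hand and see whether the chain ends or repeats. `issue_config` is a constructed model of the server blocks quoted above (the backend is assumed to answer 200), `upstream_forces_https` is a hypothetical contrast case that does not come from the issue, and all function names are illustrative.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def issue_config(url):
    """Constructed model of the Certbot-edited server blocks quoted in the issue."""
    u = urlsplit(url)
    if u.scheme == "https":
        return 200, None  # 443 block: proxy_pass answers (backend assumed to return 200)
    if u.hostname == "danielokita.com":  # if ($host = danielokita.com)
        request_uri = u.path + ("?" + u.query if u.query else "")
        return 301, "https://" + u.hostname + request_uri
    return 404, None  # return 404; for every other host on port 80

def upstream_forces_https(url):
    """Hypothetical contrast case, not from the issue: the backend only sees plain
    HTTP from the proxy and keeps redirecting to the https URL."""
    u = urlsplit(url)
    return 301, "https://" + u.hostname + (u.path or "/")

def trace(url, fetch, max_hops=10):
    """Follow Location headers by hand; report whether the chain ends or repeats."""
    seen, chain = set(), []
    for _ in range(max_hops):
        status, location = fetch(url)
        chain.append((status, url))
        if status not in REDIRECTS or not location:
            return "terminates", chain
        seen.add(url)
        if location in seen:
            return "loop", chain
        url = location
    return "hop limit", chain

if __name__ == "__main__":
    for start in ("http://danielokita.com/", "http://www.danielokita.com/",
                  "https://www.danielokita.com/"):
        print(start, trace(start, issue_config))
    print(trace("http://danielokita.com/", upstream_forces_https))
```

Against a live host, `fetch` would be replaced by a function that issues one request without following redirects and returns the status and Location header.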