Disable https for certain path in nginx results in instance behind ELB going into redirect loop

numan asked:

I am using elb terminated ssl. I want to force /product/performancesummaries/ to be HTTP only. Here is my current configuration that I am playing around with:

user www-data;
worker_processes 2;
pid /var/run/nginx.pid;

events {
        worker_connections 1024;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 1;
        gzip_buffers 32 8k;
        gzip_http_version 1.1;
        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;

        # uWSGI serving Django.
        upstream django {
            # Distribute requests to servers based on client IP. This keeps load
            # balancing fair but consistent per-client. In this instance we're
            # only using one uWGSI worker anyway.
            ip_hash;
            server unix:/tmp/uwsgi.sock;
        }

  server {
    listen      80;
    server_name www.7geese.com *.amazonaws.com;
    charset     utf-8;


    # Your project's static media.
    location /static/ {
      alias /home/ubuntu/.virtualenvs/7geese/sevengeese/static_files/;
    }

    location /product/performancesummaries/ {
      if ($http_x_forwarded_proto = "https") {
          rewrite ^ http://$host$uri permanent;
      }
      uwsgi_pass  django;
      include     uwsgi_params;
    }

    # Finally, send all non-media requests to the Django server.
    location / {
      if ($http_x_forwarded_proto != "https") {
          rewrite ^ https://$host$uri permanent;
      }
      uwsgi_pass  django;
      include     uwsgi_params;
    }
  }

}

When I visit /product/performancesummaries/, it goes into a infinite redirect loop redirecting from http to https to http etc. Why is it going to an infinite redirect loop and how do I stop it.

My answer:


You have two location blocks, one of which redirects HTTPS to HTTP for /product/performancesummaries/:

  if ($http_x_forwarded_proto = "https") {
      rewrite ^ http://$host$uri permanent;
  }

And the other one redirects HTTP to HTTPS for / (which is everything):

  if ($http_x_forwarded_proto != "https") {
      rewrite ^ https://$host$uri permanent;
  }

This is probably the cause of the problem, though I’m not entirely sure why both locations would be processed. nginx seems to do this in a few cases.

I would try to fix this by excluding /product/performancesummaries/ from the location / HTTP to HTTPS redirect:

      rewrite ^((?!/product/performancesummaries/).) https://$host$uri permanent;

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.