Can't Connect to Website on Certain ISPs (Too Many Redirects)

Josh Hudnall asked:

I’m having a strange problem all of a sudden, and I’m pretty sure I’ve eliminated the application as the culprit, but I’m not a server admin by nature so I could be wrong.

From my home, office and other networks it loads fine. On Verizon, it is not loading, giving an error of too many redirects. This is true when loading on my phone or on my laptop tethered to my phone.

The problem seems to have cropped up last night, or at least that’s when we noticed it.

I suspect it’s something in the server config, but my Nginx config seems correct:

server {
    listen 80;
    listen [::]:80 ipv6only=off;

    server_name launchwestco.com *.launchwestco.com;
    rewrite ^ https://$host$request_uri? permanent;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl ipv6only=off;

    server_name launchwestco.com *.launchwestco.com;
    root /home/forge/envoyer/com.launchwestco/current/public;
    client_max_body_size 55M;
    underscores_in_headers on;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate [...]/server.crt;
    ssl_certificate_key [...]/server.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    index index.html index.htm index.php;

    charset utf-8;

    location ~* /auth/(.+) {
        return 301 /authentication/$1;
    }

    # FORGE CONFIG (DOT NOT REMOVE!)
    include forge-conf/launchwestco.com/server/*;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/launchwestco.com-error.log error;

    error_page 404 /index.php;

    location ~ .php$ {
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /.ht {
        deny all;
    }
}

upstream discourse { server 127.0.0.1:85; }
server {
    listen 443 ssl;
    server_name community.launchwestco.com;
    return 301 http://community.launchwestco.com$request_uri;
}

server {
  listen 80;
  server_name community.launchwestco.com;

    # FORGE CONFIG (DOT NOT REMOVE!)
    include forge-conf/launchwestco.com/server/*;

  location / {
    access_log off;
    proxy_pass http://discourse;
  }
}

netstat -tlp shows the following (truncated to only http/s output):

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:http                  *:*                     LISTEN      4880/nginx -g daemo
tcp        0      0 *:https                 *:*                     LISTEN      4880/nginx -g daemo
tcp6       0      0 [::]:https              [::]:*                  LISTEN      4880/nginx -g daemo

(I’m not sure why a line for [::]:http is missing … and I don’t know if it matters for this particular issue.)

Even if I insert code like die('DEBUGGING'); as the first line in the front controller of the app—the first executed line of PHP that should be run—the error still occurs, and I don’t get the output expected from the app.

I’m having the hardest time troubleshooting it. There are definitely redirects built into the app, but those don’t seem to be the culprit because they’re behaving as expected on most ISPs. It’s only on Verizon Mobile that the issue occurs (that we’re aware of anyway).

Any ideas what could be causing our problems?

My answer:


The problem you are having is that your web site works when accessed via IPv4, but returns too many redirects when accessed via IPv6.

To resolve it:

Your nginx configuration has errors that should cause it to fail to load.

In particular, you’ve specified ipv6only=off in your IPv6 listen directives, but also specified IPv4 listen directives along with them. The expected response to this is nginx returning an error 98 Address already in use and exiting (or refusing to reload the config). If nginx is still running, it is likely with an old config.

You should first remove ipv6only=off from each listen directive, as it is redundant and unnecessary.

You should then add the IPv6 listen directives to the server blocks which are missing them.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.