NGINX Reverse Proxy Configuration with Cloudflare

Question

NGINX Reverse Proxy Configuration with Cloudflare

njags opened this issue a year ago · 3 comments

Hello,

We are looking to use TruDesk ticketing application for our company and at the moment we have created the environment required and clone the repo from Github, I can see the install opening using the IP and Port but when I try to add the revese proxy it does not work using the sample config file for default conf file.

I have tried multiple ways searching on google but yet not able to configure it and everytime either the nginx shows error or when I try to open the site it says - "ERR_TOO_MANY_REDIRECTS"

Below is the environment I am using -

Ubuntu 20.04
AWS Server
MongoDB
Elatisc Search
Cloudflare for DNS

Below you can the conf file configuration modified by me to be used with Cloudflare where the SSL setting is flexible.

Currently, when we load the website it says - Web server is down Error code 521, when SSL is turned off it says - "ERR_TOO_MANY_REDIRECTS"

Default server configuration for TruDesk configuration on AWS EC2 Server and Cloudflare Flexible SSL

http {
access_log /var/log/nginx/access.log main;

sendfile        on;
keepalive_timeout  65;

upstream socket_nodes {
    ip_hash;
    # IP Address of Host running Trudesk
    server 3.125.27.30:8118;
}

server {
    listen 80;
    return 301 https://$host$request_uri;
    server_name  support.panaroma.finance;
    ssl on;

    location ~ ^/(uploads/) {
            root /usr/src/trudesk/public;
            access_log off;
            expires modified +1h;
    }

    location / {
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_cache one;
            proxy_cache_key trudesk$request_uri$scheme;
            proxy_pass http://socket_nodes;

            proxy_redirect http://socket_nodes https://socket_nodes;
    }

    # redirect server error pages to the static page /50x.html
    # in the even that the trudesk instance is down, these pages will serve.
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
    }
}

}

Request you to kindly help me to resolve the nginx configuration issue asap.

Answer 1 · 2023-09-11T10:04:59.000Z

You have a redirect loop on in the server block.

It should be split out to a separate server block for redirect port 80 to https

Take a look at the example nginx configuration and take note of the server {} block for both port 80 and 443

You're trying to redirect to HTTPS and have Cloudflare establish the connection to your server over HTTP but when it redirects to HTTPS it is still proxied through HTTP and thus it tries to redirect to HTTPS again. That's your loop.

Turning off SSL gives you the 521 error because you're not listening on HTTPS but you are redirecting to it and enabling SSL via ssl on but like the rest of the SSL configuration, such as:

#ssl configuration
ssl_certificate         /path/to/certificate.crt
ssl_certificate_key     /path/to/certificate.key

Answer 2 · 2023-10-11T21:36:55.000Z

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

Answer 3 · 2023-10-16T21:37:05.000Z

This issue was closed because it has been stalled for 5 days with no activity.