Preconditions
- Ubuntu 18.04 DigitalOcean droplet
- Nginx 1.1.4
- MariaDB 10.1.34 (MySQL 15.1)
- PHP 7.1 (Using FPM)
- Redis server 4.0.11
Steps to reproduce
- Download Magento 2.2.5 via Composer
- Install Magento 2.2.5 via CLI using existing database
- Install SSL certificate.
(At this point the website is functioning properly). - Enable https on magento frontend and admin.
- Execute
setup:upgrade
,setup:di:compile
,indexer:reindex
,cache:flush
andsetup:static-content:deploy
in that order.
Expected result
- Frontend is displayed without any security warnings.
- Admin is displayed without any security warnings.
Actual result
- Frontend is displayed without any security warnings.
- Admin is stuck in 301/302 redirect loop
- I can see in the headers that the SSL certificate is recognised as valid.
Notes
I have this problem running 2.2.5 with nginx and redis, no varnish, all on a single digitalocean droplet.
I have read that it can be to do with cookie configuration and set cookie_path to "/" and cookie_domain to both ".example.com" and "example.com", neither of which have produced successful results. I have made changes to the default nginx config provided by magento as suggested above but that wasn't successful either. The nginx config file for my website is as follows:
upstream fastcgi_backend {
server unix:/run/php/php7.1-fpm.sock;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
index index.php index.html index.htm;
server_name example.com www.example.com;
set $MAGE_ROOT /[web_root]/magento;
set $MAGE_MODE production;
access_log [path_to_access].log;
error_log [path_to_error].log;
include /[web_root]/magento/nginx.conf.sample;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
index index.php index.html index.htm;
server_name example.com www.example.com
ssl_certificate /path/to/ssl.crt;
ssl_certificate_key /path/to/ssl.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers [ssl_cipher];
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 24h;
keepalive_timeout 300s;
set $MAGE_ROOT /[web_root]/magento;
set $MAGE_MODE production;
access_log /path/to/access.log;
error_log /path/to/error.log;
include /[web_root]/magento/nginx.conf.sample;
}
Edit
I raised this as an issue on github and was advised that I should set the unsecure base url to https, then remove the 301 redirect from my nginx config. I've done this, restarted the server and re-deployed magento to ensure everything is completely fresh. Deleted browser cache and disabled caching in code inspector prior to visiting website and admin page still returns a redirect loop.
Edit #2
I looked at app/etc/env.php and noticed that, alongside the usual base, media, static etc. entries that are found within the system>web>… entry in env.php, there was another entry at the bottom of the file with just the base urls, both set to http.
Although they are duplicate entries, I didn't want to delete them because I'm not sure why magento has created them (I've never manually edited the env.php file for this instance). Instead, I just updated every value which began "http://" with "https://…".
Now I can access the admin panel, but the configuration options for secure URLs in Stores>Configuration>General>Web>Url Options are greyed out and the frontpage no longer redirects to https, though there is no mention of http anywhere in the config file.
I guess that it is greyed out because I'm running in production mode, but I want to make as few changes as possible to the system because it's so close to functioning.
Best Answer
Try the following query:
if path
has value of
Update the value to 1 using the following query
Hard refresh the page and it will work