everything working fine, but when I enable secure admin (ssl) it gives redirect loop issue. I am not able to use admin pannel also cross origin issue for front ens static content.
I am using ssl over nginx + varnish.
I tried so many things (even may stackexchange answers) but no luck. can someone help me to tackle this issue.
Nginx configuration (magento2 nginx sample config included).
upstream fastcgi_backend {
server unix:/run/php/php7.0-fpm.sock;
}
server {
server_name mydomain.com www.mydomain.com 1xx.xx.xx.xxx; #private Ip included
listen 8080;
set $MAGE_ROOT /var/www/html/mysiteconf;
set $MAGE_MODE developer; # or production
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
#mujassam
#fastcgi_param HTTPS on;
include /var/www/html/mydomain/nginx.conf.sample;
}
server {
# listen 443 ssl;
#added by mujassam
listen 443 ssl http2; #m ## listen for ipv4; this line is default and
implied listen [::]:443 ssl http2;
server_name www.mydomain.com;
ssl_certificate /etc/ssl/certs/www_mydomain_com.crt;
ssl_certificate_key /etc/ssl/private/www_mydomain_com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#mujassam
# fastcgi_param HTTPS on;
# fastcgi_param HTTP_SCHEME https;
ssl_prefer_server_ciphers on;
###
ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 24h;
keepalive_timeout 300s;
location / {
proxy_pass http://127.0.0.1:80;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Ssl-Offloaded "1";
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
#mujassam added
proxy_set_header X-Forwarded-Ssl on;
#proxy_hide_header X-Varnish;
#proxy_hide_header Via;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Hope Some body can help.
Best Answer
I was facing the same problem and someone tells me to set the base url with https.
Set to NO for
Use Secure URLs on Storefront
ANDUse Secure URLs in Admin
.If you can't access to admin panel, you could do this with :
Hope it helps