I have Universal SSL with CloudFlare. I wanted to set up a permanent SSL redirect on my Ghost blog.
This was my original config. It works great individually using http://example.com and https://example.com
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name example.com; # Replace with your domain
    root /usr/share/nginx/html;
    index index.html index.htm;
    client_max_body_size 10G;
    location / {
        proxy_pass http://localhost:2368;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }
}
This is my attempted config for a redirect from HTTP to HTTPS, but it results in a redirect loop:
server {
    listen 80 default_server;
    server_name example.com;
    return 301 https://example.com$request_uri;
}
server {
    listen 443 ssl;
    ssl on;
    ssl_certificate /etc/nginx/ssl/cert/example.crt;
    ssl_certificate_key /etc/nginx/ssl/private/example.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    server_name example.com; # Replace with your domain
    root /usr/share/nginx/html;
    index index.html index.htm;
    client_max_body_size 10G;
    location / {
        proxy_pass http://localhost:2368;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }
}
Not entirely sure why it's looping.
Best Answer
I don't have enough rep to add a comment above, but I also experienced this issue and the only way I managed to get around it was to disable CloudFlare for the specific DNS entry, which obviously isn't ideal.
Based on this, it seems like it's an issue with the way CloudFlare is implementing their Universal SSL for DNS entries that already have SSL (with redirects from HTTP to HTTPS) enabled. Also, it doesn't seem like you can disable CloudFlare SSL for specific DNS entries.
Sorry I can't be more helpful, but if I find a solution I'll definitely post it here.
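Added example, not part of the original question or answer: a port-80 server block that redirects only when the visitor's own connection was plain HTTP. It assumes the zone's Cloudflare SSL mode is "Flexible", where the edge terminates TLS and always connects to the origin over HTTP on port 80, so an unconditional `return 301` on port 80 sends every HTTPS visitor back to HTTPS indefinitely. The variable name `$redirect_to_https` is made up for this example.

```nginx
# Added example (not the asker's config). Assumption: Cloudflare SSL mode is
# "Flexible", so every request reaches this origin on port 80 and the visitor's
# real scheme is only visible in the X-Forwarded-Proto header set by the edge.

# The map block belongs in the http {} context (e.g. a file under conf.d/).
map $http_x_forwarded_proto $redirect_to_https {
    default 1;   # header missing or "http": visitor is on plain HTTP
    https   0;   # edge already served the visitor over HTTPS; do not redirect
}

server {
    listen 80 default_server;
    server_name example.com; # Replace with your domain

    # nginx treats "0" and the empty string as false, so this fires only
    # for visitors whose connection to the edge was plain HTTP.
    if ($redirect_to_https) {
        return 301 https://example.com$request_uri;
    }

    client_max_body_size 10G;

    location / {
        proxy_pass http://localhost:2368;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        # Forward the visitor's scheme; $scheme is always "http" on this listener.
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_buffering off;
    }
}
```

Any client that reaches the origin directly can send `X-Forwarded-Proto: https` itself, and in Flexible mode the hop from Cloudflare to the origin is unencrypted, so port 80 should accept traffic only from Cloudflare's published IP ranges. With a certificate on the origin that Cloudflare accepts, switching the zone to "Full (strict)" makes the edge connect on 443 for HTTPS visitors, and the unconditional redirect from the question no longer loops.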