2

I run a Magento store on an Ubuntu 16.04 VPS using Apache/2.4.18 and Varnish, and now I wanted to add SSL (lets-encrypt) to the mix. Apart from other obstacles (static content not loading on HTTPS and more), now that I have enabled forcing HTTPS, I get the ERR_TOO_MANY_REDIRECTS error. I probably made a goof somewhere, and I don't see it.

The idea of my setup is to have:

HTTPS:443 -> Varnish:80 -> Apache:8080

Here are the files and info that have to do with my problem, as far as I can think of. If there are more, please let me know, and I will update my question. Thank you!

/etc/apache2/ports.conf

    Listen 8080

    <IfModule ssl_module>
        Listen 443
    </IfModule>

    <IfModule mod_gnutls.c>
        Listen 443
    </IfModule>

/etc/apache2/sites-enabled/ :

  • 000-default.conf
  • default-ssl.conf

/etc/apache2/sites-enabled/000-default.conf

    <VirtualHost 127.0.0.1:8080>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

/etc/apache2/sites-enabled/default-ssl.conf

    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>

        SSLProxyEngine On
        SSLProxyCheckPeerCN on
        SSLProxyCheckPeerExpire on
        SSLHonorCipherOrder On

        ProxyPreserveHost On
        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/
    </VirtualHost>

apache2ctl -M (Apache2 modules)

    AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
    Loaded Modules:
     core_module (static)
     so_module (static)
     watchdog_module (static)
     http_module (static)
     log_config_module (static)
     logio_module (static)
     version_module (static)
     unixd_module (static)
     access_compat_module (shared)
     alias_module (shared)
     auth_basic_module (shared)
     authn_core_module (shared)
     authn_file_module (shared)
     authz_core_module (shared)
     authz_host_module (shared)
     authz_user_module (shared)
     autoindex_module (shared)
     deflate_module (shared)
     dir_module (shared)
     env_module (shared)
     filter_module (shared)
     mime_module (shared)
     mpm_prefork_module (shared)
     negotiation_module (shared)
     php7_module (shared)
     proxy_module (shared)
     proxy_connect_module (shared)
     proxy_http_module (shared)
     rewrite_module (shared)
     setenvif_module (shared)
     socache_shmcb_module (shared)
     ssl_module (shared)
     status_module (shared)

/etc/default/varnish

    START=yes
    NFILES=131072
    MEMLOCK=82000
    DAEMON_OPTS="-a :80 \
                 -T localhost:6082 \
                 -f /etc/varnish/default.vcl \
                 -S /etc/varnish/secret \
                 -s malloc,256m" \
                 -p http_resp_hdr_len=65536 \
                 -p http_resp_size=98304
    VARNISH_LISTEN_PORT=80

Magento's root folder .htaccess

    DirectoryIndex index.php

    <IfModule mod_php5.c>
        php_value memory_limit 2048M
        php_value max_execution_time 18000
        php_flag session.auto_start off
        #php_flag zlib.output_compression on
        php_flag suhosin.session.cryptua off
    </IfModule>

    <IfModule mod_php7.c>
        php_value memory_limit 2048M
        php_value max_execution_time 18000
        php_flag session.auto_start off
        #php_flag zlib.output_compression on
        php_flag suhosin.session.cryptua off
    </IfModule>

    <IfModule mod_security.c>
        SecFilterEngine Off
        SecFilterScanPOST Off
    </IfModule>

    <IfModule mod_deflate.c>
    </IfModule>

    <IfModule mod_ssl.c>
        SSLOptions StdEnvVars
    </IfModule>

    <IfModule mod_rewrite.c>
        Options +FollowSymLinks
        RewriteEngine on
        #RewriteBase /magento/
        RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
        RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
        RewriteRule .* - [L,R=405]
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-l
        RewriteRule .* index.php [L]
    </IfModule>

    AddDefaultCharset Off
    #AddDefaultCharset UTF-8
    AddType 'text/html; charset=UTF-8' html

    <IfModule mod_expires.c>
        ExpiresDefault "access plus 1 year"
        ExpiresByType text/html A0
        ExpiresByType text/plain A0
    </IfModule>

    ###########################################
    ## Deny access to root files to hide sensitive application information
    RedirectMatch 403 /\.git

    <Files composer.json>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files composer.lock>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files .gitignore>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files .htaccess>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files .htaccess.sample>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files .php_cs.dist>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files .travis.yml>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files CHANGELOG.md>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files CONTRIBUTING.md>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files COPYING.txt>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files Gruntfile.js>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files LICENSE.txt>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files LICENSE_AFL.txt>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files nginx.conf.sample>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files package.json>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files php.ini.sample>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files README.md>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files auth.json>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>
    <Files magento_umask>
        <IfVersion < 2.4>
            order allow,deny
            deny from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all denied
        </IfVersion>
    </Files>

    # For 404s and 403s that aren't handled by the application, show plain 404 response
    ErrorDocument 404 /pub/errors/404.php
    ErrorDocument 403 /pub/errors/404.php

    <IfModule mod_headers.c>
        Header set X-UA-Compatible "IE=edge"

        # `mod_headers` cannot match based on the content-type, however,
        # the `X-UA-Compatible` response header should be send only for
        # HTML documents and not for the other resources.
        <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
            Header unset X-UA-Compatible
        </FilesMatch>
    </IfModule>

    #RewriteCond %{HTTP_HOST} ^example\.com [NC]
    #RewriteCond %{SERVER_PORT} 80
    #RewriteRule ^(.*)$ https://example.com/$1 [R,L]
2
  • The problem is probably that you wanted to enforce/redirect to https from a .htaccess file. Because all the internal connections are plain http, the VirtualHost on port 8080 will always trigger that redirect, regardless of the fact that the client is already using https to connect to the VirtualHost on port 443; it will be redirected to https. Commented May 24, 2018 at 10:46
  • The enforcement was from Magento's backend, but I see your point. However, if I don't enforce HTTPS, and connect to my website's HTTPS version, I don't have the above error. I have others though... Commented May 24, 2018 at 11:03

1 Answer

1

Remove all the redirects in Apache and set it in Varnish by adding the following:

/etc/varnish/default.vcl

    sub vcl_recv {
        if ( (req.http.host ~ "^(?i)www.yourdomain.com" || req.http.host ~ "^(?i)www.yourdomain.com") && req.http.X-Forwarded-Proto !~ "(?i)https") {
            return (synth(750, ""));
        }
    }

    sub vcl_synth {
        if (resp.status == 750) {
            set resp.status = 301;
            set resp.http.Location = "https://www.yourdomain.com" + req.url;
            return(deliver);
        }
    }
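Added example, not part of the answer above: the redirect test trusts `X-Forwarded-Proto`, which any client that reaches Varnish on port 80 directly can set itself, so this variant keeps the header only when the request arrives from the TLS terminator. It assumes the Apache 443 vhost proxies to Varnish on 127.0.0.1:80 and sets the header there with `RequestHeader set X-Forwarded-Proto "https"` (mod_headers, which is not in the module list shown in the question); the ACL name `tls_terminator` is made up for this sketch.

```vcl
# Fragment to merge into /etc/varnish/default.vcl (VCL 4.x syntax).
# Assumption: the only trusted TLS terminator is the local Apache :443 vhost,
# which connects to Varnish from 127.0.0.1.
acl tls_terminator {
    "127.0.0.1";
}

sub vcl_recv {
    # Requests that did not come through the terminator are plain HTTP by
    # definition; discard whatever X-Forwarded-Proto the client supplied so it
    # cannot skip the redirect or make the backend believe the link is HTTPS.
    if (client.ip !~ tls_terminator) {
        unset req.http.X-Forwarded-Proto;
    }

    # An unset header does not match, so direct port-80 traffic is redirected.
    if (req.http.X-Forwarded-Proto !~ "(?i)^https$") {
        return (synth(750, ""));
    }
}

sub vcl_synth {
    if (resp.status == 750) {
        set resp.status = 301;
        set resp.http.Location = "https://www.yourdomain.com" + req.url;
        return (deliver);
    }
}
```

With this in place the redirect decision is made once, at Varnish, and the backend on port 8080 only ever sees a header value that the terminator wrote.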
