I have an nginx.conf with four different hosts and an http to https redirect. All the hosts are similar configured, therefore I'm only including the parts that are different for hosts 2,3 and 4.
events {} http { proxy_send_timeout 120; proxy_read_timeout 300; proxy_buffering off; keepalive_timeout 5 5; tcp_nodelay on; server { listen 80 default_server; listen [::]:80 default_server; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name confluence6.company.com; # allow large uploads of files client_max_body_size 1G; # optimize downloading files larger than 1G #proxy_max_temp_file_size 2G; ssl_certificate /etc/letsencrypt/live/confluence6.company.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/confluence6.company.com/privkey.pem; # from Certbot include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { resolver 127.0.0.11; set $confluence_old "confluence6:8090/"; proxy_pass http://$confluence_old; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto "https"; } } server { listen 443 ssl; server_name confluence7.company.com; ... location / { resolver 127.0.0.11; set $confluence "confluence7:8090/"; proxy_pass http://$confluence; ... } } server { listen 443 ssl; server_name jira7.company.com; ... location / { resolver 127.0.0.11; set $jira_old "jira7:8080/"; proxy_pass http://$jira_old; ... } } server { listen 443 ssl; server_name jira8.company.com; ... location / { resolver 127.0.0.11; set $jira "jira8:8080/"; proxy_pass http://$jira; ... } } } In the location part I'm using the combo with the resolver and the proxy_pass as variable so that the nginx starts when not all hosts are up (solution from here). Unfortunately I'm getting the ERR_TOO_MANY_REDIRECTS with any host now.
Setting the the proxy_pass directly removes the redirect loop:
location / { resolver 127.0.0.11; proxy_pass http://jira8:8080/; ... } But then I can't start nginx if all hosts are not up. Currently I have a workaround always commenting out all the hosts that do not work.
All of the hosts are docker containers, which are configured to deliver https like this:
jira8: container_name: jira8 environment: ATL_PROXY_NAME: jira8.company.com ATL_PROXY_PORT: "443" ATL_TOMCAT_SCHEME: https ATL_TOMCAT_SECURE: "true" JVM_MAXIMUM_MEMORY: 3072m expose: - "8080" image: atlassian/jira-software:8.11 networks: atlassian-network: aliases: - jira8 ports: - "8081:8080" restart: always volumes: - /root/jira-home:/var/atlassian/application-data/jira - /root/mysql-connector-java-5.1.45-bin.jar:/opt/atlassian/jira/lib/mysql-connector-java-5.1.45-bin.jar How does my nginx.conf have to look like in order to not have a redirect loop and still be able to start nginx even if not all hosts are up?
confluence6:8090, e.g.http://confluence6.company.com:8090. If my guess is correct, you should be redirected toconfluence6's HTTPS site, and you should change yourproxy_pass http...toproxy_pass https...here.confluence6:8090is only accessible on the internal docker network on the server. If I set theproxy_passtohttpsI get an502 Bad Gatewayerror. Even if my Atlassian / Confluence Services also do redirect tohttps, this shouldn't create a loop.proxy_passtohttpsand receiving502 Bad Gateway, can you show your nginx's error log entry?proxy_passas variable so that the nginx starts when not all hosts are up" interferes. My working solution is to define static IP-addresses for the docker container(s) and use these IP-addresses in theproxy_passstanza.