1

I am running a Netbox instance on an OpenSUSE Leap VM, the default config file comes like this:

<VirtualHost *:80> # CHANGE THIS TO YOUR SERVER'S NAME ServerName netbox.argenmedia.com RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] </VirtualHost> <VirtualHost *:443> ProxyPreserveHost On # CHANGE THIS TO YOUR SERVER'S NAME ServerName netbox.argenmedia.com SSLEngine on SSLCertificateFile /etc/ssl/certs/netbox.crt SSLCertificateKeyFile /etc/ssl/certs/netbox.key Alias /static /opt/netbox/netbox/static <Directory /opt/netbox/netbox/static> Options FollowSymLinks MultiViews AllowOverride None Require all granted </Directory> <Location /static> ProxyPass ! </Location> RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} ProxyPass / http://127.0.0.1:8001/ ProxyPassReverse / http://127.0.0.1:8001/ </VirtualHost>

Apache Enabled modules:

a2enmod -l actions alias auth_basic authn_core authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout proxy proxy_http headers mod_rewrite

Apache logs:

tail -f /var/log/apache2/access_log 172.68.19.15 - - [02/Oct/2024:02:26:32 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.15 - - [02/Oct/2024:02:26:33 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.15 - - [02/Oct/2024:02:26:33 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.15 - - [02/Oct/2024:02:26:33 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.15 - - [02/Oct/2024:02:26:33 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.15 - - [02/Oct/2024:02:26:34 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.15 - - [02/Oct/2024:02:26:34 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.15 - - [02/Oct/2024:02:26:34 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 45.79.120.183 - - [02/Oct/2024:02:30:16 +0000] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Debian; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36" 45.79.120.183 - - [02/Oct/2024:02:30:17 +0000] "GET /favicon.ico HTTP/1.1" 404 9307 "-" "Mozilla/5.0 (Debian; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36" 172.68.19.16 - - [02/Oct/2024:02:31:07 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.16 - - [02/Oct/2024:02:31:07 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.16 - - [02/Oct/2024:02:31:07 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.16 - - [02/Oct/2024:02:31:08 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.16 - - [02/Oct/2024:02:31:08 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.16 - - [02/Oct/2024:02:31:08 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.16 - - [02/Oct/2024:02:31:08 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.16 - - [02/Oct/2024:02:31:09 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.16 - - [02/Oct/2024:02:31:09 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.16 - - [02/Oct/2024:02:31:09 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.16 - - [02/Oct/2024:02:31:09 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15" 172.68.19.16 - - [02/Oct/2024:02:31:10 +0000] "GET / HTTP/1.1" 302 216 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15"

Domain is hosted on Cloudflare (proxied) same as other services without any issues.

I do understand there's a loop going on, I do notice the port 80 saying "Rewrite all incoming requests to https" and port 443 saying "Pass this to http: etcetc" So maybe that's where the loop happens? But why would Netbox ship out with a faulty config file like this? Or is it some rewrite condition on my Cloudflare settings causing this?

Added info:

netbox:/home/netbox# curl -I http://netbox.argenmedia.com HTTP/1.1 302 Found Date: Wed, 02 Oct 2024 03:31:16 GMT Content-Type: text/html; charset=iso-8859-1 Connection: keep-alive Location: https://netbox.argenmedia.com/ CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SuA%2F8OAWIuZ1EUSRCS25njGptptwaWIwIbOTT0k36JQbFNp2JTNA0hk7WhRIbpTg5RS%2FAH%2BPACcZeNXSyEwY5Naw7csJpgKODYi%2F4reBYO042IpJ%2ByT0WlvG5Df%2FBP0pF9vJavAyUMewXg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8cc19e594de1af50-GRU netbox:/home/netbox# curl -I https://netbox.argenmedia.com HTTP/2 302 date: Wed, 02 Oct 2024 03:31:21 GMT content-type: text/html; charset=iso-8859-1 location: https://netbox.argenmedia.com/ cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cDg5I7tqtcczMBLItdEEKLUqKqftsq4snsvLMepp%2BCJ1UzK5M8UOlA1jiG6ttXhLuHuyIfe9ZcoZgb8Psp2x6QD6PPgT%2FALYUzyX5VDxeCvGeu98893n0SuK6hzNFeAIdK%2FbrZeqcZ1jMw%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} speculation-rules: "/cdn-cgi/speculation" server: cloudflare cf-ray: 8cc19e78dc4fa4d2-GRU
Improve this question
9
  • 1
    Check with curl where the redirect goes. Commented Oct 2, 2024 at 2:59
  • @vidarlo: It goes right to the correct domain (and CF's proxies) and then I get a response like this `< HTTP/1.1 301 Moved Permanently < Location: netbox.argenmedia.com < Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CVp1sDH%2B%2FQ4OOFfcdzrRLUaUkWaucLBEPJZ8bo1Beyshnmh0unfGAMZC98Oq5YzRjoR%2Fv9s2PUKKK0PL8yB8fvoUym3rzMS%2FYluNeOnwIoDbCn2aLMcna1MVcQN0t6JyfbNhwBDs6Gy3mg%3D%3D"}],"group":"cf-nel","max_age":604800} < Speculation-Rules: "/cdn-cgi/speculation" < Server: cloudflare Commented Oct 2, 2024 at 3:12
  • 1
    What's the actual output of curl -I http://url and curl -I https://url? Edit your question to add the information. Commented Oct 2, 2024 at 3:20
  • @vidarlo: Information added. Thanks for the help! Commented Oct 2, 2024 at 3:34
  • 1
    Your problem is likely similar to this serverfault.com/a/832725/37681 and you need to reconfigure cloudflare so that it make http rather than https requests to your server and redirect to https at cloudflare rather than on your Own webserver Commented Oct 2, 2024 at 5:02

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.