Jump to content


Photo

Reverse Proxy - ERR_TOO_MANY_REDIRECTS

reverse proxy NGINX SSL https

  • Please log in to reply
17 replies to this topic

#1 garrettjones331 OFFLINE  

garrettjones331

    Newbie

  • Members
  • 9 posts
  • Local time: 07:40 AM

Posted 31 May 2018 - 10:32 PM

Hello,

 

I used Swynol's guide on setting up a reverse proxy in attempt to set up my own (Reference Post #5 - https://emby.media/c...verse-proxy/). In terms of NGINX config set up, I essentially copy and pasted his last post replacing his domains and sub-domains with my own.  For the Emby server set up I have the public https port to 443, the external domain set, and the secure connection mode set to "Reverse Proxy".  I have manually checked the server config xml and verified that "requirehttps" is false.  I also have my 80 and 443 ports forwarded to the NGINX server on my router.

 

The issue I'm getting is that when I try to access my server I get a "ERR_TOO_MANY_REDIRECTS" in chrome.

 

I've exhausted my google-fu techniques and come to seek knowledge from others who may be more savvy with NGINX and reverse proxies.



#2 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2935 posts
  • Local time: 05:40 AM
  • LocationChicago

Posted 31 May 2018 - 11:01 PM

Hello,

 

I used Swynol's guide on setting up a reverse proxy in attempt to set up my own (Reference Post #5 - https://emby.media/c...verse-proxy/). In terms of NGINX config set up, I essentially copy and pasted his last post replacing his domains and sub-domains with my own.  For the Emby server set up I have the public https port to 443, the external domain set, and the secure connection mode set to "Reverse Proxy".  I have manually checked the server config xml and verified that "requirehttps" is false.  I also have my 80 and 443 ports forwarded to the NGINX server on my router.

 

The issue I'm getting is that when I try to access my server I get a "ERR_TOO_MANY_REDIRECTS" in chrome.

 

I've exhausted my google-fu techniques and come to seek knowledge from others who may be more savvy with NGINX and reverse proxies.

 

I'm just asking to be sure, but did you go get a ssl cert and place the public and private keys in the locations you have in nginx?

SSL/cert.pem
SSL/private.key



#3 garrettjones331 OFFLINE  

garrettjones331

    Newbie

  • Members
  • 9 posts
  • Local time: 07:40 AM

Posted 31 May 2018 - 11:02 PM

Yes, I've done that and verified by looking at the error log file that nginx is actually running.



#4 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2935 posts
  • Local time: 05:40 AM
  • LocationChicago

Posted 31 May 2018 - 11:20 PM

Yes, I've done that and verified by looking at the error log file that nginx is actually running.

 

post your actual config, maybe remove your domain name. 



#5 garrettjones331 OFFLINE  

garrettjones331

    Newbie

  • Members
  • 9 posts
  • Local time: 07:40 AM

Posted 31 May 2018 - 11:25 PM

worker_processes  2;


events {
    worker_connections  8192;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
	server_tokens off;
	
	gzip on;
	gzip_disable "msie6";

	gzip_comp_level 6;
	gzip_min_length 1100;
	gzip_buffers 16 8k;
	gzip_proxied any;
	gzip_types
    text/plain
    text/css
    text/js
    text/xml
    text/javascript
    application/javascript
    application/x-javascript
    application/json
    application/xml
    application/rss+xml
    image/svg+xml;

    tcp_nodelay on;

    sendfile        off;

    server_names_hash_bucket_size 128;
    map_hash_bucket_size 64;

## Start: Timeouts ##
    client_body_timeout   10;
    client_header_timeout 10;
    keepalive_timeout     30;
    send_timeout          10;
    keepalive_requests    10;
## End: Timeouts ##

	
	
## Default Listening ##

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
	  
	  return 301 https://$host$request_uri;
}	

##EMBY Server##

server {
listen [::]:80;
listen 80;
listen [::]:443 ssl;
listen 443 ssl;
server_name mydomain.com;  #your subdomain.domainname.com here

ssl_session_timeout 30m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_certificate      SSL/cert.pem;
ssl_certificate_key  SSL/private.key;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
		
proxy_hide_header X-Powered-By;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff"  always;
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header 'Referrer-Policy' 'no-referrer';

add_header Content-Security-Policy "frame-ancestors mydomain.com;";   #add your domainname and all subdomains listed on your cert
		

location / {
proxy_pass http://127.0.0.1:8096; # Local emby ip and non SSL port

proxy_hide_header X-Powered-By;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

#Next three lines allow websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}


}


#6 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2935 posts
  • Local time: 05:40 AM
  • LocationChicago

Posted 31 May 2018 - 11:38 PM

looks ok, pm me your emby domain name if you want.  



#7 garrettjones331 OFFLINE  

garrettjones331

    Newbie

  • Members
  • 9 posts
  • Local time: 07:40 AM

Posted 31 May 2018 - 11:42 PM

PM'd



#8 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2935 posts
  • Local time: 05:40 AM
  • LocationChicago

Posted 31 May 2018 - 11:45 PM

comment out this line:      #add_header Content-Security-Policy "frame-ancestors mydomain.com;"; #add your domain name and all subdomains listed on your cert

restart nginx and see what happens..    you left this set to "mydomain.com" and "emby.mydomain.com"    just comment it out until you get things working. 



#9 garrettjones331 OFFLINE  

garrettjones331

    Newbie

  • Members
  • 9 posts
  • Local time: 07:40 AM

Posted 31 May 2018 - 11:48 PM

I actually had that corrected in my version, I just changed it back for what I uploaded.  I commented it out anyway and it's still not working.



#10 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2935 posts
  • Local time: 05:40 AM
  • LocationChicago

Posted 31 May 2018 - 11:52 PM

I actually had that corrected in my version, I just changed it back for what I uploaded.  I commented it out anyway and it's still not working.

 

You can get rid of the redirect for now so we can test. comment out the redirect section:

#server {
#    listen 80 default_server;
#    listen [::]:80 default_server;
#    server_name _;
#	  
#	  return 301 https://$host$request_uri;
#}

I'm still receiving it:  

Content-Security-Policy:
frame-ancestors mydomain.com emby.mydomain.com;


#11 garrettjones331 OFFLINE  

garrettjones331

    Newbie

  • Members
  • 9 posts
  • Local time: 07:40 AM

Posted 01 June 2018 - 12:02 AM

Ok, I did it



#12 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2935 posts
  • Local time: 05:40 AM
  • LocationChicago

Posted 01 June 2018 - 12:03 AM

Ok, I did it

 

its still redirecting, changes don't stick until you restart the nginx server software.  are you doing that after changes?



#13 garrettjones331 OFFLINE  

garrettjones331

    Newbie

  • Members
  • 9 posts
  • Local time: 07:40 AM

Posted 01 June 2018 - 12:04 AM

Yep



#14 garrettjones331 OFFLINE  

garrettjones331

    Newbie

  • Members
  • 9 posts
  • Local time: 07:40 AM

Posted 01 June 2018 - 12:05 AM

Actually, I'm stopping and starting the service, is that restarting it?



#15 pir8radio OFFLINE  

pir8radio

    NGINX

  • Members
  • 2935 posts
  • Local time: 05:40 AM
  • LocationChicago

Posted 01 June 2018 - 12:07 AM

should yea.   pm me your actual config.  something is not right.  but you already know that..  :-)



#16 garrettjones331 OFFLINE  

garrettjones331

    Newbie

  • Members
  • 9 posts
  • Local time: 07:40 AM

Posted 01 June 2018 - 12:12 AM

5b10c7be11909_Capture.png

Here's my server config as well



#17 tmirzaian OFFLINE  

tmirzaian

    Member

  • Members
  • 28 posts
  • Local time: 06:40 AM
  • LocationOklahoma

Posted 10 April 2019 - 11:02 PM

How did you guys resolve this?  My external users just started getting this error today.



#18 Luke OFFLINE  

Luke

    System Architect

  • Administrators
  • 142115 posts
  • Local time: 06:40 AM

Posted 11 April 2019 - 12:40 PM

How did you guys resolve this?  My external users just started getting this error today.


Hi you may want to post your nginx config for others to review. Thanks.





Also tagged with one or more of these keywords: reverse proxy, NGINX, SSL, https

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users