ERR_TOO_MANY_REDIRECTS

[habnai]

Hi
Everything work great but when I setup ghost private with password from the dashboard i get error. ERR_TOO_MANY_REDIRECTS , when enter website,any solution thank you

[hwdsl2]

@habnai Thanks for the report. Are you using ModSecurity or Naxsi? Please post the relevant lines in your /opt/nginx/logs/error.log.

[habnai]

hi, i am using ModSecurity this is the log

2016/09/11 15:08:57 [info] 2258#0:  ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^PRUM_EPISODES/']
2016/09/11 15:08:57 [info] 2258#0:  ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2258#0:  ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^CFGLOBALS/']
2016/09/11 15:08:57 [info] 2258#0:  ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2258#0:  ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^CFGLOBALS/']
2016/09/11 15:08:57 [info] 2258#0:  ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2258#0:  ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^CFGLOBALS/']
2016/09/11 15:08:57 [info] 2258#0:  ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2258#0:  ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^CFGLOBALS/']
2016/09/11 15:08:57 [info] 2258#0:  ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2258#0:  ModSecurity: Trying to append variable name [ARGS] value [token]
2016/09/11 15:08:57 [info] 2258#0:  ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [notice] 2258#0: ModSecurity for nginx (STABLE)/2.9.0 (http://www.modsecurity.org/) configured.
2016/09/11 15:08:57 [notice] 2258#0: ModSecurity: APR compiled version="1.5.1"; loaded version="1.5.1"
2016/09/11 15:08:57 [notice] 2258#0: ModSecurity: PCRE compiled version="8.35 "; loaded version="8.35 2014-04-04"
2016/09/11 15:08:57 [notice] 2258#0: ModSecurity: LIBXML compiled version="2.9.1"
2016/09/11 15:08:57 [notice] 2258#0: ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
2016/09/11 15:08:57 [info] 2285#0:  ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^PRUM_EPISODES/']
2016/09/11 15:08:57 [info] 2285#0:  ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2285#0:  ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^CFGLOBALS/']
2016/09/11 15:08:57 [info] 2285#0:  ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2285#0:  ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^CFGLOBALS/']
2016/09/11 15:08:57 [info] 2285#0:  ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2285#0:  ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^CFGLOBALS/']
2016/09/11 15:08:57 [info] 2285#0:  ModSecurity: Successfully appended variable
2016/09/11 15:08:57 [info] 2285#0:  ModSecurity: Trying to append variable name [REQUEST_COOKIES] value ['/^CFGLOBALS/']
2016/09/11 15:08:57 [info] 2285#0:  ModSecurity: Successfully appended variable

[hwdsl2]

@habnai Your log looks normal. Sorry I am traveling and cannot look into this further today.

[habnai]

no problem i will try to find whats the problem and give you note. good travel :)

[habnai]

Hi i think i found the problem its in nginx config i removed proxy_set_header X-Forwarded-Proto $scheme;nginx-modsecurity-include.conf, and from naxsi also, i tested it after and all worked good with https and with http so i dont know why exacly this make error.

[hwdsl2]

@habnai First, thank you for finding the problem and contributing with your pull request.

This line in the Nginx config file, proxy_set_header X-Forwarded-Proto $scheme; is required so that Ghost blog can learn whether the user is visiting via HTTP or HTTPS. This could avoid "redirect loops" when Ghost blog is set to force HTTPS. Please refer to TryGhost/Ghost#2796.

Therefore generally I don't think removing that line is a good idea, although it does seems to help for your use case.

[habnai]

Hi, you have right,i back it and keep looking for the problem.

[hwdsl2]

@habnai Thank you. I think as long as the workaround works fine for you and you don't force HTTPS, feel free to continue using it. I don't want to take too much of your time on this : )

[habnai]

I dont like workaround somthing :),i like it clear i use https for all blog ,just for this issue maybe its bug in ghost.i Will see and Good work

[hwdsl2]

@habnai After further troubleshooting, the underlying cause of this issue has been identified. It is solely caused by the caching of HTTP 302 reponses in the Nginx configuration. For password-protected blogs, visiting the blog home page will be redirected (302) to "/private" for authentication. After that the user is redirected back (302) to the home page. However, because there is an existing 302 redirect cached for the home page, a redirect loop is created.

To resolve this issue, simply edit all Nginx config files and replace this line proxy_cache_valid 200 302 10m; with proxy_cache_valid 200 10m;. Or you may run these commands:

sed -i "s/proxy_cache_valid 200 302 10m;/proxy_cache_valid 200 10m;/" /opt/nginx/conf/nginx*.conf
service nginx restart

No other changes to the Nginx config files are required. You can revert the proxy_set_header X-Forwarded-Proto change if needed.