tags:

views:

61

answers:

1
Q: 

nginx + SslRequirement + mongrel cluster = infinite redirect loop

I'm getting an infinite redirect loop after adding SSL support to my site. I'm using the "SslRequirement" plugin.

The symptoms I'm seeing are, any action that has "ssl_required" enabled, and any URL I type in manually that has https at the front, goes into an infinite loop, with the following in the development.log file, over and over until the browser catches the redirect loop and stops the loading of the page ("/admins/index" is the action in this example, but it happens with any action):

Processing AdminsController#index (for 127.0.0.1 at 2010-08-13 13:50:16) [GET]
  Parameters: {"action"=>"index", "controller"=>"admins"}
Redirected to https://localhost/admins
Filter chain halted as [:ensure_proper_protocol] rendered_or_redirected.
Completed in 0ms (DB: 0) | 302 Found [http://localhost/admins]

At first I thought there was some kind of problem where I had to make ALL of my actions "ssl_allowed" - so I tried that, but to no avail.

IF I remove the use of SslRequirement, and remove any "ssl_required/ssl_allowed" references, then https works fine - so it's the redirect in actions from http to https that seems to be the issue.

Any clues?

A: 

Answer found here:

http://www.hostingrails.com/SSL-Redirecting-not-working

Short version is, I added the following line to the SSL vhost in my nginx config:

proxy_set_header X_FORWARDED_PROTO https;

Detailed version is:

Basically the issue came down to the nginx server not passing the fact that the source request was an HTTPS protocol on to the Mongrel cluster. This caused the call to "request.ssl?" inside the SslRequirement plugin to ALWAYS return false.

So, when this returned as false, the "ensure_proper_protocol" would re-issue the action over https, which would check "request.ssl?", which would return "false", which would re-issue the action over https, which would check "request.ssl?", which would return "false", which would re-issue the action over https, which would check "request.ssl?", which would return "false", which would re-issue the action over https, which would check "request.ssl?", which would return "false", which would re-issue the action over https ...

...you get the idea. The mongrel cluster NEVER thought the request was over the HTTPS protocol, so it redirected forever. A small change in the nginx config to correct this, and BAM-O: problem solved.

normalocity  2010-08-13 20:17:53

related questions

Why is access denied when installing SSL cert on IIS 5?
What does a PHP developer need to know about https / secure socket layer connections?
Am I turning away customers by disabling SSL 2.0 and PCT 1.0 in IIS5?
Coding Dojo with IE and SSL
Enforce SSL in code in an ashx handler
How to connect to PostgreSQL from .NET using TLS with both client and server authentication?
HELP SSL GURUs!!! ... Problems with SSL Connection
What's a clean/simple way to ensure the security of a page?
How to specify accepted certificates for Client Authentication in .NET SslStream
SharePoint stream file for preview
Problem with Oracle Application Server SSL Certificates
Is there a limit with the number of SSL connections?
Testing HTTPS files with MAMP
Cheapest SSL certificates
Limiting traffic to SSL version of page only
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Is there a way to make Firefox ignore invalid ssl-certificates?
How do I create a self signed SSL certificate to use while testing a web app.
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
HTTPS in IIS 5.1
How do you redirect HTTPS to HTTP?
Debugging: IE6 + SSL + AJAX + post form = 404 error
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Options for Google Maps over SSL