Question 97915 in Nginx Question posted in
The official documentation can be found here.

301 loop when enabling SSL with Nginx on nopCommerce 4.50

I have a working Nginx installation that has successfully served an index.html with SSL with no problems.

When I point it toward my nopCommerce 4.50 site on the same machine, the nopcommerce site now works with SSL. However, all links on the page as well as resources still use http and firefox gives a warning that "Parts of this page are not secure"

To attempt to fix that, I have changed the url and enabled SSL in the nop settings.

When I did that, the site now infinitely redirects to itself. For instance, accessing https://mynopcommerce.com returns a 301 redirecting to https://mynopcommerce.com. To get the site working again, I have to manually disable SSL in the nop database.

I have tried all fixes for this issue as suggested by https://docs.nopcommerce.com/en/getting-started/advanced-configuration/how-to-install-and-configure-ssl-certification.html#troubleshooting

  • I have set "UseHttpXForwardedProto" to true in the appsettings.json
  • I have cleared browser/server/proxy cookies and cache.
  • I am not using cloudflare, dns, or any other proxy services other than nginx as the reverse proxy.

My nginx server block:

server {
    listen 443 ssl;
    server_name mynopcommerce.com;

    ssl_certificate /etc/letsencrypt/live/mynopcommerce.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mynopcommerce.com/privkey.pem;

    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    
    location / {
        proxy_pass         http://nopcommerce_web; # DNS resolves name to nop server
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

I believe it might be related to the fact that nginx is handling SSL. And with SSL enabled on nop, the non-ssl communication between nop and nginx may make nop return a 301 to the https version of the site, not knowing that it’s already on it?

This is the log from nginx and nop during 1 request. (It loops this until error)

nopcommerce_nginx      | [03/Apr/2022:21:07:00 +0000] "GET / HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0" "-"
nopcommerce_web        | {"EventId":1,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Hosting.Diagnostics","Message":"Request starting HTTP/1.1 GET http://mynopcommerce.com/ - -","State":{"Message":"Request starting HTTP/1.1 GET http://mynopcommerce.com/ - -","Protocol":"HTTP/1.1","Method":"GET","ContentType":null,"ContentLength":null,"Scheme":"http","Host":"mynopcommerce.com","PathBase":"","Path":"/","QueryString":""}}
nopcommerce_web        | {"EventId":0,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Routing.EndpointMiddleware","Message":"Executing endpoint u0027Nop.Web.Controllers.HomeController.Index (Nop.Web)u0027","State":{"Message":"Executing endpoint u0027Nop.Web.Controllers.HomeController.Index (Nop.Web)u0027","EndpointName":"Nop.Web.Controllers.HomeController.Index (Nop.Web)","{OriginalFormat}":"Executing endpoint u0027{EndpointName}u0027"}}
nopcommerce_web        | {"EventId":3,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","Message":"Route matched with {action = u0022Indexu0022, controller = u0022Homeu0022, area = u0022u0022}. Executing controller action with signature Microsoft.AspNetCore.Mvc.IActionResult Index() on controller Nop.Web.Controllers.HomeController (Nop.Web).","State":{"Message":"Route matched with {action = u0022Indexu0022, controller = u0022Homeu0022, area = u0022u0022}. Executing controller action with signature Microsoft.AspNetCore.Mvc.IActionResult Index() on controller Nop.Web.Controllers.HomeController (Nop.Web).","RouteData":"{action = u0022Indexu0022, controller = u0022Homeu0022, area = u0022u0022}","MethodInfo":"Microsoft.AspNetCore.Mvc.IActionResult Index()","Controller":"Nop.Web.Controllers.HomeController","AssemblyName":"Nop.Web","{OriginalFormat}":"Route matched with {RouteData}. Executing controller action with signature {MethodInfo} on controller {Controller} ({AssemblyName})."}}
nopcommerce_web        | {"EventId":3,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","Message":"Authorization failed for the request at filter u0027Nop.Web.Framework.Mvc.Filters.HttpsRequirementAttributeu002BHttpsRequirementFilteru0027.","State":{"Message":"Authorization failed for the request at filter u0027Nop.Web.Framework.Mvc.Filters.HttpsRequirementAttributeu002BHttpsRequirementFilteru0027.","AuthorizationFilter":"Nop.Web.Framework.Mvc.Filters.HttpsRequirementAttributeu002BHttpsRequirementFilter","{OriginalFormat}":"Authorization failed for the request at filter u0027{AuthorizationFilter}u0027."}}
Tags:

2

Answers


  1. 0

    Since version 4.50, nopCommerce has changed this API. You should use the UseProxy option (set to true value) in appSettings.json file instead of the UseHttpXForwardedProto.

    Login or Signup to reply.
  2. 0

    You can clear KnownNetworks and KnownProxies in ForwardedHeadersOptions or set ASPNETCORE_FORWARDEDHEADERS_ENABLED to true that does the same. See more here. This answer also can help.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search