Force SSL goes to infinite redirects


#1

Hello all,

When setting force_ssl = 1 the application goes into an infinite redirecting loop. The browser stops when it notices he’s going nowhere.
Piwik is installed on Nginx, HTTPs is enabled and working, certificate is OK.
Has anyone gone through this matter?

Thanks

Axel


(Matthieu Aubry) #2

Likely this is a server configuration error. are you using reverse proxy or so? maybe the HTTPS flag is not set in the header? please report if you find the cause of the bug as I’d like to update FAQ to mention this troubleshooting tip!


#3

Hi Matt,

I guess you’re right about the Header, I don’t think Nginx is setting anything.
Here are the response headers for an HTTPs piwik page:


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 18 Feb 2014 08:26:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=14
Vary: Accept-Encoding
Content-Encoding: gzip

No trace of SSL related header. What header should it be?
About the redirect, I would expect Piwik to check also the port (443) to avoid infinite loop.

Anyways, it is working on my system now:

  1. nginx listens on port 80
    it redirect all requests on port 443

  2. nginx listens on port 443
    it hosts the Piwik app

  3. piwik is configured to use SSL
    I found by chance this setting:


[General]
assume_secure_protocol = 1

Now everything works except that Nginx DOES the redirect to HTTPs instead of Piwik but it doesn’t matter to me.

Thanks

Axel


#4

I was getting this too. My site was using nginx and I configure piwik on a SSL site, but the non-https site just get the default nginx install web page. This is prevent drive by scirpt kiddies scanning for piwik sites. The problem that started all of this was broken images in the report, viewing page source reveled absolute links using http and not https.


#5

Had the same issue, nginx is handling the redirect now. So piwik always runs on https.


[General]
assume_secure_protocol = 1

Indeed fixed it for me, thanks for sharing.