admin/honey-be
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

VPS setup
Some checks failed
Deploy to Railway / deploy (push) Has been cancelled
Details
Network Test / test_network (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Mykhailo Svishchov
2026-03-07 17:33:08 +02:00
parent b30d47c576
commit 82b9cfc8e3
5 changed files with 154 additions and 136 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
scripts/fix-nginx-redirect-loop.md Normal file
View File

@@ -0,0 +1,77 @@
# Fix 301 redirect loop (Certbot duplicate 443 block)
## Cause
Certbot added a **second** HTTPS server block that only has:
- `location / { return 301 https://$host$request_uri; }`
- `listen 443 ssl` + SSL cert paths
That block is matched first for `https://testforapp.website/`, so every request gets 301 → same URL → loop. Your real HTTPS block (frontend, API, phpMyAdmin) is never used for `/`.
## Fix on VPS
1. **Open the site config**
```bash
sudo nano /etc/nginx/sites-enabled/testforapp.website
```
2. **Find and remove the Certbot-only HTTPS block**
Look for a block that looks like this (it may be at the **top** of the file, before the `map` and your big HTTPS server):
```nginx
server {
server_name testforapp.website;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/testforapp.website/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/testforapp.website/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
```
**Delete this entire `server { ... }` block** (from `server {` through the closing `}`).
3. **Ensure your main HTTPS block has SSL and listen**
Find your main HTTPS server (the one with `# HTTPS server`, `root /opt/app/frontend/dist`, all the `location` blocks). It must have at the top of that block (right after `server {`):
- `listen 443 ssl;` and `listen [::]:443 ssl;`
- `ssl_certificate` and `ssl_certificate_key` (and optionally `include /etc/letsencrypt/options-ssl-nginx.conf;` and `ssl_dhparam`)
If those lines are missing, add them (copy from the block you deleted):
```nginx
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name testforapp.website;
ssl_certificate /etc/letsencrypt/live/testforapp.website/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/testforapp.website/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# ... rest of your config (root, locations, etc.)
}
```
4. **Test and reload**
```bash
sudo nginx -t && sudo systemctl reload nginx
```
5. **Verify**
```bash
curl -I -k https://127.0.0.1/ -H "Host: testforapp.website"
```
You should see `200 OK` (or `304`) and no `Location` header, and https://testforapp.website/ should load in the browser.