admin/honey-be
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5855678447a2a118ebf1ededdbe325ef65d65f5f
honey-be/scripts/fix-nginx-redirect-loop.md
Tihon 15498c8337
All checks were successful
Deploy to VPS / deploy (push) Successful in 52s
Details
Initial setup, cleanup, VPS setup
2026-03-07 23:11:31 +02:00

2.7 KiB
Raw Blame History

Fix 301 redirect loop (Certbot duplicate 443 block)

Cause

Certbot added a second HTTPS server block that only has:

  • location / { return 301 https://$host$request_uri; }
  • listen 443 ssl + SSL cert paths

That block is matched first for https://testforapp.website/, so every request gets 301 → same URL → loop. Your real HTTPS block (frontend, API, phpMyAdmin) is never used for /.

Fix on VPS

  1. Open the site config

    sudo nano /etc/nginx/sites-enabled/testforapp.website

  2. Find and remove the Certbot-only HTTPS block

    Look for a block that looks like this (it may be at the top of the file, before the map and your big HTTPS server):

    server {
    server_name testforapp.website;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/testforapp.website/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/testforapp.website/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

    Delete this entire server { ... } block (from server { through the closing }).

  3. Ensure your main HTTPS block has SSL and listen

    Find your main HTTPS server (the one with # HTTPS server, root /opt/app/frontend/dist, all the location blocks). It must have at the top of that block (right after server {):

    • listen 443 ssl; and listen [::]:443 ssl;
    • ssl_certificate and ssl_certificate_key (and optionally include /etc/letsencrypt/options-ssl-nginx.conf; and ssl_dhparam)

    If those lines are missing, add them (copy from the block you deleted):

    server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name testforapp.website;
    ssl_certificate /etc/letsencrypt/live/testforapp.website/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/testforapp.website/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # ... rest of your config (root, locations, etc.)
}

  4. Test and reload

    sudo nginx -t && sudo systemctl reload nginx

  5. Verify

    curl -I -k https://127.0.0.1/ -H "Host: testforapp.website"

    You should see 200 OK (or 304) and no Location header, and https://testforapp.website/ should load in the browser.

Reference in New Issue View Git Blame Copy Permalink