1

this is my site-available nginx configuration for flask application

server {
    listen                     80;
    server_name                _;
    access_log                 /var/log/nginx/nginx_access.log;
    error_log                  /var/log/nginx/nginx_error.log;
    rewrite ^ https://$http_host$request_uri? permanent;
}

server {
    listen                     443;
    server_name                _;
    access_log                 /var/log/nginx/nginx_access.log;
    error_log                  /var/log/nginx/nginx_error.log;

    ssl                        on;
    ssl_certificate            /etc/nginx/ssl/<redacted>.pem;
    ssl_certificate_key        /etc/nginx/ssl/<redacted>.key;
    ssl_session_timeout        5m;
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass             http://127.0.0.1:5000;
        proxy_redirect         off;
        proxy_set_header       Host $host;
        proxy_set_header       X-Real-IP $remote_addr;
        proxy_set_header       X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header       X-Forwarded-Proto $scheme;
        }
}

I have gone through the questions Nginx configuration leads to endless redirect loop and nginx redirect loop with ssl. I seem to have the configuration specified in them already.

EDIT

Flask application is running via gunicorn/supervisord

Supervisor config.conf

[program:config]
command=/usr/local/bin/gunicorn run:app --config /etc/gunicorn/gunicorn.conf --preload
directory=/srv/<application>
autostart=true
autorestart=true
startretries=10
stderr_logfile = /var/log/supervisord/<application>-stderr.log
stdout_logfile = /var/log/supervisord/<application>-stdout.log
user=root

Gunicorn gunicorn.conf

bind = '0.0.0.0:5000'
backlog = 2048
workers = 3
worker_class = 'sync'
worker_connections = 1000
timeout = 30
keepalive = 2
accesslog='/var/log/gunicorn/gunicorn_access.log'
errorlog='/var/log/gunicorn/gunicorn_error.log'
pidfile = '/tmp/gunicorn.pid'
loglevel = 'debug'

Flask Application

run.py

from app import app
from app import views

if __name__ == '__main__':
    app.run(host='0.0.0.0', debug=True)

view.py

from app import app, session
from flask import render_template, json, jsonify
import datetime



@app.route("/hello/")
def render_templates():
    return render_template("display.html")

(... other code ..)

NB: I have an ELB in front of the flask application. 80 and 443 ports are open.

Input: https://example.com/hello/ Output: Redirected Loop

Any help will be appreciated.Thanks in advance.

Improve this question
10
  • No. the backend doesn't redirect. @JoeDoherty Commented Oct 12, 2015 at 9:59
  • 1
    Post your flask code for the endpoint. Commented Oct 12, 2015 at 10:20
  • I'm not seeing a redirect loop BTW, I'm get connection refused. Is the loop only present behind the ELB? Commented Oct 12, 2015 at 10:26
  • sorry for the wrong address. I have changed it to example.com. Site is internal to the company. Hence can't publish it here. Commented Oct 12, 2015 at 10:29
  • Ok no problem. We are going to need to see the Flask config and some code though. Can't see any dramas in the above. Commented Oct 12, 2015 at 13:15

1 Answer 1

Reset to default
2

I did figure out the issue.

The nginx configuration should have been 

server {
    listen                     80;
    server_name                _;
    access_log                 /var/log/nginx/nginx_access.log;
    error_log                  /var/log/nginx/nginx_error.log;

    location / {
        proxy_pass             http://127.0.0.1:5000;
        proxy_set_header       Host $host;
        proxy_set_header       X-Real-IP $remote_addr;
        proxy_set_header       X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

As ELB does an unloading of HTTPS encryption to HTTP request , my previous configuration was redirecting all my HTTP requests into HTTPS.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.