Nginx Reverse Proxy - Infinite Redirect

Description

I’m running into an issue where https://kf.domain.com/ is redirecting endlessly to the same address.
Related :#54
My architecture is this:

AWS Load balancer (443:https offloading) -> Nginx Reverse proxy (http:80) -> kobo tools docker (http:8080)

I’ve configured Kobo tools with SSL On and this happens. With SSL Off, i run into some other issues - like redirecting to http.

I am passing these relevant headers via nginx:

add_header       X-Served-By $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto  $scheme;
proxy_set_header X-Forwarded-For    $remote_addr;
proxy_pass       $forward_scheme://$server:$port;

Here is my config:

[xxx kobo-install]$ python3 run.py --setup
╔═══════════════════════════════════════════════════════════════╗
║ Welcome to KoBoInstall!                                       ║
║                                                               ║
║ You are going to be asked some questions that will            ║
║ determine how to build the configuration of `KoBoToolBox`.    ║
║                                                               ║
║ Some questions already have default values (within brackets). ║
║ Just press `enter` to accept the default value or enter `-`   ║
║ to remove previously entered value.                           ║
║ Otherwise choose between choices or type your answer.         ║
╚═══════════════════════════════════════════════════════════════╝
Where do you want to install?
[/apps/kobo-docker]:
Please confirm path [/apps/kobo-docker]
        1) Yes
        2) No
[1]:
Do you want to see advanced options?
        1) Yes
        2) No
[1]:
What kind of installation do you need?
        1) On your workstation
        2) On a server
[2]:
Please choose which network interface you want to use?
        eth0) xxx
        other) Other
[eth0]:
Do you want to use separate servers for frontend and backend?
        1) Yes
        2) No
[2]:
Public domain name [xxx.com]:
KPI sub domain [kf]:
KoBoCat sub domain [kc]:
Enketo Express sub domain name [ee]:
Do you want to use HTTPS?
        1) Yes
        2) No
[2]: 1
╔════════════════════════════════════════════════════════════════════╗
║ Please note that certificates must be installed on a reverse-proxy ║
║ or a load balancer.                                                ║
║ KoBoInstall can install one, if needed.                            ║
╚════════════════════════════════════════════════════════════════════╝
Auto-install HTTPS certificates with Let's Encrypt?
        1) Yes
        2) No - Use my own reserve-proxy/load-balancer
[2]: 2
Is your reverse-proxy/load-balancer installed on this server?
        1) Yes
        2) No
[1]: 2
Internal port used by reverse proxy?
[8080]:
SMTP server [xxx]:
SMTP port [587]:
SMTP user [xxx]:
SMTP password [BE/xxx]:
Use TLS?
        1) True
        2) False
[2]:
From email address [xxx]:
Super user's username [xxx]:
Super user's password [xxx]:
Docker Compose prefix? (leave empty for default):
Staging mode?
        1) Yes
        2) No
[2]:
KoBoCat PostgreSQL database name?
[xxx]:
KPI PostgreSQL database name?
[xxx]:
PostgreSQL user's username?
[xxx]:
PostgreSQL user's password?
[xxx]:
Do you want to tweak PostgreSQL settings?
        1) Yes
        2) No
[2]:

MongoDB root's username?
[xxx]: MongoDB root's password?
[xxxx]:
MongoDB user's username?
[xxx]:
MongoDB user's password?
[xxx]:
Redis password?
[xxx]:
Do you want to expose backend container ports (`PostgreSQL`, `MongoDB`, `redis`) ?
        1) Yes
        2) No
[1]:
╔═════════════════════════════════════════════════╗
║ WARNING! When exposing backend container ports, ║
║ it's STRONGLY recommended to use a firewall to  ║
║ grant access to frontend containers only.       ║
╚═════════════════════════════════════════════════╝
Do you want to customize service ports?
        1) Yes
        2) No
[2]:
Do you want to use AWS S3 storage?
        1) Yes
        2) No
[2]:
Google Analytics Identifier:
Google API Key:
Do you want to use Sentry?
        1) Yes
        2) No
[2]:
Do you want to tweak uWSGI settings?
        1) Yes
        2) No
[2]:
Do you want to activate backups?
        1) Yes
        2) No
[2]:

Steps to Reproduce

I listed the example I have above. Not sure if this exact scenario is easily reproducible or if its something I can easily fix.

Additional context

@roemhildtg did you configure the domain name with the subdomains?

1 Like

Yep I have all three subdomains being routed the same way through that ELB -> NGinx proxy -> Kobo machine.