Mailcow-dockerized: ERR_TOO_MANY_REDIRECTS redirect loop error with dockerized reverse proxy

Created on 5 Feb 2018 · 10Comments · Source: mailcow/mailcow-dockerized

Hi,

I upgraded two days ago to latest master branch (last time was around end of ~~December~~ January).
I thought everything had worked fine but now that I'm trying to access mailcow webui and Sogo, I see webserver is not working correctly. Chrome says: "ERR_TOO_MANY_REDIRECTS". Before mailcow webui was fine. Other web apps under other servers are working fine.

Mailcow webserver is behing a reverse proxy which is in another container.

Here is Mailcow-nginx logs:

2018/02/05 04:51:49 [warn] 8#8: conflicting server name "mail2.trebaxis.net" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "mail2.trebaxis.net" on 0.0.0.0:80, ignored
2018/02/05 04:51:49 [warn] 8#8: conflicting server name "autodiscover.*" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "autodiscover.*" on 0.0.0.0:80, ignored
2018/02/05 04:51:49 [warn] 8#8: conflicting server name "autoconfig.*" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "autoconfig.*" on 0.0.0.0:80, ignored
2018/02/05 04:51:49 [warn] 8#8: conflicting server name "mail2.trebaxis.net" on [::]:80, ignored
nginx: [warn] conflicting server name "mail2.trebaxis.net" on [::]:80, ignored
2018/02/05 04:51:49 [warn] 8#8: conflicting server name "autodiscover.*" on [::]:80, ignored
nginx: [warn] conflicting server name "autodiscover.*" on [::]:80, ignored
2018/02/05 04:51:49 [warn] 8#8: conflicting server name "autoconfig.*" on [::]:80, ignored
nginx: [warn] conflicting server name "autoconfig.*" on [::]:80, ignored
2018/02/05 04:51:52 [warn] 1#1: conflicting server name "mail2.trebaxis.net" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "mail2.trebaxis.net" on 0.0.0.0:80, ignored
2018/02/05 04:51:52 [warn] 1#1: conflicting server name "autodiscover.*" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "autodiscover.*" on 0.0.0.0:80, ignored
2018/02/05 04:51:52 [warn] 1#1: conflicting server name "autoconfig.*" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "autoconfig.*" on 0.0.0.0:80, ignored
2018/02/05 04:51:52 [warn] 1#1: conflicting server name "mail2.trebaxis.net" on [::]:80, ignored
nginx: [warn] conflicting server name "mail2.trebaxis.net" on [::]:80, ignored
2018/02/05 04:51:52 [warn] 1#1: conflicting server name "autodiscover.*" on [::]:80, ignored
nginx: [warn] conflicting server name "autodiscover.*" on [::]:80, ignored
2018/02/05 04:51:52 [warn] 1#1: conflicting server name "autoconfig.*" on [::]:80, ignored
nginx: [warn] conflicting server name "autoconfig.*" on [::]:80, ignored
fd4d:6169:6c63:6f77::1 - - [05/Feb/2018:04:51:54 +0000] "HEAD /forwardinghosts.php HTTP/1.1" 200 0 "-" "-"
fd4d:6169:6c63:6f77::1 - - [05/Feb/2018:04:51:54 +0000] "GET /forwardinghosts.php HTTP/1.1" 200 27 "-" "-"
172.22.1.13 - - [05/Feb/2018:04:51:54 +0000] "HEAD /settings.php HTTP/1.1" 200 0 "-" "-"
172.22.1.13 - - [05/Feb/2018:04:51:54 +0000] "GET /settings.php HTTP/1.1" 200 602 "-" "-"
172.22.1.12 - - [05/Feb/2018:04:51:57 +0000] "GET / HTTP/1.1" 301 178 "-" "curl/7.57.0" "-"
172.22.1.13 - - [05/Feb/2018:04:52:30 +0000] "HEAD /settings.php HTTP/1.1" 200 0 "-" "-"
fd4d:6169:6c63:6f77::1 - - [05/Feb/2018:04:52:48 +0000] "HEAD /forwardinghosts.php HTTP/1.1" 200 0 "-" "-"
172.22.1.13 - - [05/Feb/2018:04:53:25 +0000] "HEAD /settings.php HTTP/1.1" 200 0 "-" "-"
172.22.1.13 - - [05/Feb/2018:04:53:25 +0000] "GET /settings.php HTTP/1.1" 200 602 "-" "-"
172.22.1.13 - - [05/Feb/2018:04:53:29 +0000] "HEAD /forwardinghosts.php HTTP/1.1" 200 0 "-" "-"
fd4d:6169:6c63:6f77::1 - - [05/Feb/2018:04:53:29 +0000] "GET /forwardinghosts.php HTTP/1.1" 200 27 "-" "-"

And here is tonight's reverse proxy logs (Caddy webserver):

2018/02/05 00:04:37 http: TLS handshake error from 159.89.36.240:49008: read tcp 172.18.0.4:443->159.89.36.240:49008: read: connection reset by peer
2018/02/05 00:05:36 [INFO]  - No such site at :80 (Remote: 185.96.232.81, Referer: )
2018/02/05 00:05:46 [INFO]  - No such site at :80 (Remote: 185.96.232.81, Referer: )
2018/02/05 00:06:19 [INFO] 149.56.200.60 - No such site at :443 (Remote: 164.132.91.13, Referer: )
2018/02/05 00:06:36 [INFO]  - No such site at :80 (Remote: 185.96.232.81, Referer: )
2018/02/05 00:06:37 [INFO]  - No such site at :80 (Remote: 185.96.232.81, Referer: )
2018/02/05 00:23:59 [INFO]  - No such site at :80 (Remote: 66.118.142.165, Referer: )
2018/02/05 00:48:19 [INFO] Scanning for stale OCSP staples
2018/02/05 00:48:19 [INFO] Done checking OCSP staples
2018/02/05 01:48:19 [INFO] Scanning for stale OCSP staples
2018/02/05 01:48:19 [INFO] Done checking OCSP staples
2018/02/05 01:59:57 [INFO] 149.56.200.60 - No such site at :443 (Remote: 60.191.38.77, Referer: )
2018/02/05 02:09:46 [INFO] www - No such site at :80 (Remote: 63.246.129.99, Referer: )
2018/02/05 02:11:56 [INFO] 149.56.200.60 - No such site at :80 (Remote: 195.22.127.249, Referer: )
2018/02/05 02:33:55 http: TLS handshake error from 62.233.65.182:54514: EOF
2018/02/05 02:34:10 http: TLS handshake error from 62.233.65.182:50886: EOF
2018/02/05 02:34:26 http: TLS handshake error from 62.233.65.182:51958: EOF
2018/02/05 02:36:20 http: TLS handshake error from 42.236.10.106:18332: EOF
2018/02/05 02:48:19 [INFO] Scanning for stale OCSP staples
2018/02/05 02:48:19 [INFO] Done checking OCSP staples
2018/02/05 03:24:15 [INFO] -c - No such site at :80 (Remote: 122.152.205.62, Referer: )
2018/02/05 03:48:19 [INFO] Scanning for stale OCSP staples
2018/02/05 03:48:19 [INFO] Done checking OCSP staples
2018/02/05 04:48:19 [INFO] Scanning for stale OCSP staples
2018/02/05 04:48:19 [INFO] Done checking OCSP staples

Thanks for your help.

Source

jpbaril

Most helpful comment

I will try to reproduce it now.

andryyy on 9 Feb 2018

👍2

All 10 comments

Can you please try the nginx config from dev?

wget -O data/conf/nginx/site.conf https://raw.githubusercontent.com/mailcow/mailcow-dockerized/dev/data/conf/nginx/site.conf

Restart nginx-mailcow afterwards.

andryyy on 5 Feb 2018

Not working.

jpbaril on 5 Feb 2018

There must be something that changed in mailcow that now makes it incompatible with the reverse proxy (itself in a container, not directly on the host). As previously said, it worked before last mailcow update.

If I stop the reverse proxy and bind mailcow directly to the host it surely works.

I even tried to point the proxy to domain.com:8080 but I get same ERR_TOO_MANY_REDIRECTS error.

Again, here are some logs from mailcow_nginx:

172.22.1.12 - - [07/Feb/2018:04:29:36 +0000] "HEAD /settings.php HTTP/1.1" 200 0 "-" "-"
fd4d:6169:6c63:6f77::1 - - [07/Feb/2018:04:29:38 +0000] "HEAD /forwardinghosts.php HTTP/1.1" 200 0 "-" "-"
104.163.162.28 - - [07/Feb/2018:04:29:51 +0000] "PROPFIND /SOGo/ HTTP/1.1" 302 154 "-" "CalDAV-Sync/0.4.32 (Google; walleye; Android 8.1.0; fr_CA; org.dmfs.caldav.lib/748; like iOS/5.0.1 (9A405) dataaccessd/1.0)"
104.163.162.28 - - [07/Feb/2018:04:29:51 +0000] "PROPFIND /SOGo/ HTTP/1.1" 302 154 "-" "CalDAV-Sync/0.4.32 (Google; walleye; Android 8.1.0; fr_CA; org.dmfs.caldav.lib/748; like iOS/5.0.1 (9A405) dataaccessd/1.0)"
104.163.162.28 - - [07/Feb/2018:04:29:52 +0000] "OPTIONS /SOGo/dav/[email protected]/Calendar/20F-5959D800-9-2715B240/ HTTP/1.1" 302 154 "-" "CalDAV-Sync/0.4.32 (Google; walleye; Android 8.1.0; fr_CA; org.dmfs.caldav.lib/748; like iOS/5.0.1 (9A405) dataaccessd/1.0)"
104.163.162.28 - - [07/Feb/2018:04:29:52 +0000] "OPTIONS /SOGo/dav/[email protected]/Calendar/20F-5959D800-9-2715B240/ HTTP/1.1" 302 154 "-" "CalDAV-Sync/0.4.32 (Google; walleye; Android 8.1.0; fr_CA; org.dmfs.caldav.lib/748; like iOS/5.0.1 (9A405) dataaccessd/1.0)"
172.22.1.12 - - [07/Feb/2018:04:30:18 +0000] "HEAD /settings.php HTTP/1.1" 200 0 "-" "-"
fd4d:6169:6c63:6f77::1 - - [07/Feb/2018:04:30:18 +0000] "GET /settings.php HTTP/1.1" 200 602 "-" "-"
172.22.1.12 - - [07/Feb/2018:04:30:28 +0000] "HEAD /forwardinghosts.php HTTP/1.1" 200 0 "-" "-"
fd4d:6169:6c63:6f77::1 - - [07/Feb/2018:04:30:28 +0000] "GET /forwardinghosts.php HTTP/1.1" 200 27 "-" "-"
104.163.162.28 - - [07/Feb/2018:04:30:45 +0000] "PROPFIND /SOGo/ HTTP/1.1" 302 154 "-" "CalDAV-Sync/0.4.32 (Google; walleye; Android 8.1.0; fr_CA; org.dmfs.caldav.lib/748; like iOS/5.0.1 (9A405) dataaccessd/1.0)"
104.163.162.28 - - [07/Feb/2018:04:30:45 +0000] "PROPFIND /SOGo/ HTTP/1.1" 302 154 "-" "CalDAV-Sync/0.4.32 (Google; walleye; Android 8.1.0; fr_CA; org.dmfs.caldav.lib/748; like iOS/5.0.1 (9A405) dataaccessd/1.0)"
104.163.162.28 - - [07/Feb/2018:04:30:46 +0000] "OPTIONS /SOGo/dav/[email protected]/Calendar/20F-5959D800-9-2715B240/ HTTP/1.1" 302 154 "-" "CalDAV-Sync/0.4.32 (Google; walleye; Android 8.1.0; fr_CA; org.dmfs.caldav.lib/748; like iOS/5.0.1 (9A405) dataaccessd/1.0)"
104.163.162.28 - - [07/Feb/2018:04:30:46 +0000] "OPTIONS /SOGo/dav/[email protected]/Calendar/20F-5959D800-9-2715B240/ HTTP/1.1" 302 154 "-" "CalDAV-Sync/0.4.32 (Google; walleye; Android 8.1.0; fr_CA; org.dmfs.caldav.lib/748; like iOS/5.0.1 (9A405) dataaccessd/1.0)"
104.163.162.28 - - [07/Feb/2018:04:30:46 +0000] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0"
104.163.162.28 - - [07/Feb/2018:04:30:46 +0000] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0"

Can I provide something else to help diagnose?

Thanks

jpbaril on 7 Feb 2018

I double-checked and my previous update was in fact on January 20, so that narrows down what could possibly cause the issue.

In the meantime I reverted to January 20 code with a git checkout and everything works again.

jpbaril on 7 Feb 2018

Thanks for giving the date where it still works. I experienced the same issue a couple days ago and couldn't resolve it so I will try the January 20 code next:-)