Rocket.chat: Enabling "Force SSL" + nginx reverse proxy makes the cyclic forwarding error
Your Rocket.Chat version: 0.24.0
After enabling "Force SSL" I cannot login to the chat. How can I disable this setting in database or config file? I have not found this settings in the rocketchat_settings collection
zxweed
All 9 comments
This might have something to do with what env variables are beeing passed down from nginx site config towards RocketChat. What is your nginx site/upstream configuration?
corecache
on 3 Apr 2016
I have used official manual to deploy the configuration - https://www.digitalocean.com/community/tutorials/how-to-install-configure-and-deploy-rocket-chat-on-ubuntu-14-04,
but I make 80 the default port for chat :
export PORT=80
export MONGO_URL=mongodb://localhost:27017/rocketchat
export ROOT_URL=http://quantquant.chat
âž” +----------------------------------------+
âž” | SERVER RUNNING |
âž” +----------------------------------------+
âž” | Version: 0.24.0 |
âž” | Process Port: 80 |
âž” | Site URL: http://quantquant.chat |
# Upstreams
upstream backend {
server 127.0.0.1:80;
}
server {
listen 443;
server_name quantquant.chat;
error_log /var/log/nginx/rocketchat.access.log;
ssl on;
ssl_certificate /etc/nginx/certificate.crt;
ssl_certificate_key /etc/nginx/certificate.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
location / {
proxy_pass http://quantquant.chat:80/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}
PS: I have temporary changed the port of chat to 3000 (+backend and proxy_pass parameters) with the same results - ERR_TOO_MANY_REDIRECTS
zxweed
on 3 Apr 2016
@zxweed: what happens if you set the set IP in proxy_pass?
k0nsl
on 3 Apr 2016
@k0nsl, thank you, I have put the IP-address in the line
proxy_pass http://127.0.0.1
and the problem was solved.
Can you request the manual (https://github.com/RocketChat/Rocket.Chat/wiki/Run-Rocket.Chat-behind-a-SSL-Reverse-Proxy) change? There is the example with hostname, not the digital IP-address:
location / {
proxy_pass http://your_hostname.com:3000/;
zxweed
on 3 Apr 2016
And the last question is - how can I disable the "Force SSL" setting in database without dropping of it?
zxweed
on 3 Apr 2016
A small external independent helper utility might help set generic database entries in the future
corecache
on 4 Apr 2016
"Force SSL" should never be used with reverse proxy. If you have a reverse proxy, you should do the redirect THERE. We only added the option to do "Force SSL" at the application level, for deployments like Heroku, that does not allow you to configure the redirect at the reverse proxy.
@rodrigok can you please add a description bellow the field on the admin panel?
engelgabriel
on 4 Apr 2016
@unixfox:
In the configuration example you gave it shows you're proxying to a IP, not hostname.
k0nsl
on 5 Apr 2016
Related issues
danpospisil
·
3Comments
neha1deshmukh
·
3Comments
Kiran-Rao
·
3Comments
tanc
·
3Comments
engelgabriel
·
3Comments