Join Log in
Score:0
avatar Server

Apache Redirect for HTTPS (Nextcloud) leads to redirect loop

co flag
bignose

How can I correctly configure Nextcloud and Apache, to have correct URL redirection?

I have configured Apache for redirection of HTTP to HTTPS, using a simple Redirect directive:

<VirtualHost *:80>
    ServerName "example.com"
    Redirect permanent "/" "https://example.com/"
</VirtualHost>  # *:80

<VirtualHost *:443>
    ServerName "example.com"
    ServerAdmin "[email protected]"

    SSLEngine On
    SSLCertificateFile "/etc/ssl/certs/example.com/server.cert.fullchain.pem"
    SSLCertificateKeyFile "/etc/ssl/private/example.private-key.pem"

    Alias "/nextcloud" "/srv/nextcloud/html"
    DocumentRoot "/srv/nextcloud/html"

    <Directory "/srv/nextcloud/html">
        Require all granted
        Options +FollowSymlinks
        AllowOverride all
        # …
    </Directory>  # /srv/nextcloud/html

</VirtualHost>  # *:443

NextCloud configuration specifies that it should (via automatically generated .htaccess file) rewrite URIs to drop the PHP module filename:

<?php
$CONFIG = array (
  // …
  'trusted_domains' => array (
    0 => 'example.com',
  ),
  'overwrite.cli.url' => 'https://example.com/nextcloud',
  'htaccess.RewriteBase' => '/nextcloud',
  // …
?>

The server fails to redirect, instead getting into a redirect loop. With LogLevel debug I see these error messages:

[Mon Nov 01 06:42:46.246002 2021] [ssl:info] [pid 68035] [client 198.51.100.38:55158] AH01964: Connection to child 7 established (server example.com:443)
[Mon Nov 01 06:42:46.246850 2021] [ssl:debug] [pid 68035] ssl_engine_kernel.c(2393): [client 198.51.100.38:55158] AH02043: SSL virtual host for servername example.com found
[Mon Nov 01 06:42:46.247069 2021] [core:debug] [pid 68035] protocol.c(2428): [client 198.51.100.38:55158] AH03155: select protocol from , choices=h2,http/1.1 for server example.com
[Mon Nov 01 06:42:46.365492 2021] [ssl:debug] [pid 68035] ssl_engine_kernel.c(2252): [client 198.51.100.38:55158] AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_128_GCM_SHA256 (128/128 bits)
[Mon Nov 01 06:42:46.365893 2021] [socache_shmcb:debug] [pid 68035] mod_socache_shmcb.c(508): AH00831: socache_shmcb_store (0x01 -> subcache 1)
[Mon Nov 01 06:42:46.366041 2021] [socache_shmcb:debug] [pid 68035] mod_socache_shmcb.c(745): AH00842: expiring 1 and reclaiming 0 removed socache entries
[Mon Nov 01 06:42:46.366168 2021] [socache_shmcb:debug] [pid 68035] mod_socache_shmcb.c(765): AH00843: we now have 0 socache entries
[Mon Nov 01 06:42:46.366270 2021] [socache_shmcb:debug] [pid 68035] mod_socache_shmcb.c(862): AH00847: insert happened at idx=0, data=(0:32)
[Mon Nov 01 06:42:46.366369 2021] [socache_shmcb:debug] [pid 68035] mod_socache_shmcb.c(865): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/207
[Mon Nov 01 06:42:46.366466 2021] [socache_shmcb:debug] [pid 68035] mod_socache_shmcb.c(530): AH00834: leaving socache_shmcb_store successfully
[Mon Nov 01 06:42:46.370419 2021] [ssl:debug] [pid 68035] ssl_engine_kernel.c(415): [client 198.51.100.38:55158] AH02034: Initial (No.1) HTTPS request received for child 7 (server example.com:443)
[Mon Nov 01 06:42:46.371270 2021] [authz_core:debug] [pid 68035] mod_authz_core.c(815): [client 198.51.100.38:55158] AH01626: authorization result of Require all granted: granted
[Mon Nov 01 06:42:46.371449 2021] [authz_core:debug] [pid 68035] mod_authz_core.c(815): [client 198.51.100.38:55158] AH01626: authorization result of <RequireAny>: granted
[Mon Nov 01 06:42:46.371837 2021] [core:info] [pid 68035] [client 198.51.100.38:55158] AH00128: File does not exist: /srv/nextcloud/html/favicon.ico
[Mon Nov 01 06:42:46.372023 2021] [authz_core:debug] [pid 68035] mod_authz_core.c(815): [client 198.51.100.38:55158] AH01626: authorization result of Require all granted: granted
[Mon Nov 01 06:42:46.372108 2021] [authz_core:debug] [pid 68035] mod_authz_core.c(815): [client 198.51.100.38:55158] AH01626: authorization result of <RequireAny>: granted
[Mon Nov 01 06:42:46.373282 2021] [core:error] [pid 68035] [client 198.51.100.38:55158] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon Nov 01 06:42:46.373383 2021] [core:debug] [pid 68035] core.c(3947): [client 198.51.100.38:55158] AH00121: r->uri = /nextcloud/index.php
[Mon Nov 01 06:42:46.373461 2021] [core:debug] [pid 68035] core.c(3953): [client 198.51.100.38:55158] AH00122: redirected from r->uri = /nextcloud/index.php
[Mon Nov 01 06:42:46.373535 2021] [core:debug] [pid 68035] core.c(3953): [client 198.51.100.38:55158] AH00122: redirected from r->uri = /nextcloud/index.php
[Mon Nov 01 06:42:46.373608 2021] [core:debug] [pid 68035] core.c(3953): [client 198.51.100.38:55158] AH00122: redirected from r->uri = /nextcloud/index.php
[Mon Nov 01 06:42:46.373680 2021] [core:debug] [pid 68035] core.c(3953): [client 198.51.100.38:55158] AH00122: redirected from r->uri = /nextcloud/index.php
[Mon Nov 01 06:42:46.373754 2021] [core:debug] [pid 68035] core.c(3953): [client 198.51.100.38:55158] AH00122: redirected from r->uri = /nextcloud/index.php
[Mon Nov 01 06:42:46.373826 2021] [core:debug] [pid 68035] core.c(3953): [client 198.51.100.38:55158] AH00122: redirected from r->uri = /nextcloud/index.php
[Mon Nov 01 06:42:46.373898 2021] [core:debug] [pid 68035] core.c(3953): [client 198.51.100.38:55158] AH00122: redirected from r->uri = /nextcloud/index.php
[Mon Nov 01 06:42:46.373971 2021] [core:debug] [pid 68035] core.c(3953): [client 198.51.100.38:55158] AH00122: redirected from r->uri = /nextcloud/index.php
[Mon Nov 01 06:42:46.374044 2021] [core:debug] [pid 68035] core.c(3953): [client 198.51.100.38:55158] AH00122: redirected from r->uri = /nextcloud/
[Mon Nov 01 06:42:46.374116 2021] [core:debug] [pid 68035] core.c(3953): [client 198.51.100.38:55158] AH00122: redirected from r->uri = /favicon.ico
[Mon Nov 01 06:42:46.374214 2021] [headers:debug] [pid 68035] mod_headers.c(890): AH01503: headers: ap_headers_error_filter()

The intention is to use Nextcloud's configuration to rewrite its URLs nicely, and to use Apache Redirect to redirect HTTP requests to the equivalent HTTPS. What is wrong here, and how do I achieve this correctly?

239
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.