Dragon Arrow written by Tatsuya Nakaji, all rights reserved animated-dragon-image-0164

「リダイレクトが多すぎます」でアクセスできない

Jul 19, 2019

「リダイレクトが多すぎます」でアクセスできない


環境


Amazon Linux 2
Rails 5.2.1
ruby 2.4.2
(アプリケーション、ウェブサーバー)
nginx version: nginx/1.12.2
unicorn 5.5.1
(ssl証明書)
python2-certbot-nginx 0.34.2-1.el7
certbot 0.34.2-3.el7
certbot-nginx 0.34.2-3.el7


発生している問題・エラーメッセージ

chromeにて https://[domain] にアクセスすると、「リダイレクトが多すぎます。クッキーを削除してください」というエラーが画面に出てページにアクセスできない。

クッキーを削除しても効果がない。


該当のソースコード


certbotで発行した証明書

(発行した証明書情報)
Certificate Name: [domain]
    Domains: [domain]
    Expiry Date: 2019-10-06 09:16:15+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/[domain]/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/[domain]/privkey.pem
certbot 0.34.2-3.el7certbot-nginx 0.34.2-3.el7


nginx設定ファイル

(/etc/nginx/conf.d/myapp.conf)
# log directory
error_log  /var/www/rails/myapp/log/nginx.error.log;
access_log /var/www/rails/myapp/log/nginx.access.log;
# max body size
client_max_body_size 2G;
upstream app_server {
  # for UNIX domain socket setups
  server unix:/var/www/rails/myapp/tmp/sockets/unicorn.sock fail_timeout=0;
}
server {
  server_name [domain] [IP];
  # nginx so increasing this is generally safe...
  keepalive_timeout 5;
  # path for static files
  root /var/www/rails/myapp/public;
  # page cache loading
  try_files $uri/index.html $uri.html $uri @app;
  location @app {
    # HTTP headers
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://app_server;
  }
  # Rails error pages
  error_page 500 502 503 504 /500.html;
  location = /500.html {
    root /var/www/rails/myapp/public;
  }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/[domain]/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/[domain]/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
    if ($host = [domain]) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80;
  server_name [domain] [IP];
    return 404; # managed by Certbot


}


Railsの本番環境設定ファイル

(environments/production.rb)

Railsのconfig/environments/production.rbにて以下を追記

Rails.application.configure do
  ...
  config.force_ssl=true
  if Rails.application.config.force_ssl  
    Rails.application.routes.default_url_options[:protocol] = ‘https’
  end
end


解決策

nginx設定ファイル

に以下を書き込む

proxy_set_header X-Forwarded-Proto https;


(/etc/nginx/conf.d/myapp.conf)
# log directory
error_log  /var/www/rails/myapp/log/nginx.error.log;
access_log /var/www/rails/myapp/log/nginx.access.log;
# max body size
client_max_body_size 2G;
upstream app_server {
  # for UNIX domain socket setups
  server unix:/var/www/rails/myapp/tmp/sockets/unicorn.sock fail_timeout=0;
}
server {
  server_name [domain] [IP];
  # nginx so increasing this is generally safe...
  keepalive_timeout 5;
  # path for static files
  root /var/www/rails/myapp/public;
  # page cache loading
  try_files $uri/index.html $uri.html $uri @app;
  location @app {
    # HTTP headers
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://app_server;
  }
  # Rails error pages
  error_page 500 502 503 504 /500.html;
  location = /500.html {
    root /var/www/rails/myapp/public;
  }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/[domain]/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/[domain]/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
    if ($host = [domain]) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80;
  server_name [domain] [IP];
    return 404; # managed by Certbot


}


かなり時間使ったが、結果はたったの1行で、エラーの悪夢が過ぎ去りました。

参考資料有難や!!


参考資料

https://joe-noh.hatenablog.com/entry/2016/10/28/075322

https://qiita.com/chanken/items/b6dc4a896f8cc1615f34