Enabling "Force SSL" + nginx reverse proxy makes the cyclic forwarding error #2744

Closed
zxweed opened this issue Apr 2, 2016 · 9 comments

@zxweed

zxweed commented Apr 2, 2016

Your Rocket.Chat version: 0.24.0
After enabling "Force SSL" I cannot log in to the chat. How can I disable this setting in the database or config file? I have not found this setting in the rocketchat_settings collection.


@konsumate
Contributor

This might have something to do with what env variables are being passed down from the nginx site config towards RocketChat. What is your nginx site/upstream configuration?

@zxweed
Author

zxweed commented Apr 3, 2016

I have used the official manual to deploy the configuration - https://www.digitalocean.com/community/tutorials/how-to-install-configure-and-deploy-rocket-chat-on-ubuntu-14-04,

but I made 80 the default port for chat:

export PORT=80
export MONGO_URL=mongodb://localhost:27017/rocketchat
export ROOT_URL=http://quantquant.chat

➔ +----------------------------------------+
➔ |             SERVER RUNNING             |
➔ +----------------------------------------+
➔ |       Version: 0.24.0                  |
➔ |  Process Port: 80                      |
➔ |      Site URL: http://quantquant.chat  |

# Upstreams
upstream backend {
    server 127.0.0.1:80;
}

server {
    listen 443;
    server_name quantquant.chat;
    error_log /var/log/nginx/rocketchat.access.log;

    ssl on;
    ssl_certificate /etc/nginx/certificate.crt;
    ssl_certificate_key /etc/nginx/certificate.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE

    location / {
        proxy_pass http://quantquant.chat:80/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }
}

@zxweed
Author

zxweed commented Apr 3, 2016

PS: I have temporarily changed the port of the chat to 3000 (+ backend and proxy_pass parameters) with the same results - ERR_TOO_MANY_REDIRECTS

@k0nsl
Contributor

k0nsl commented Apr 3, 2016

@zxweed: what happens if you set the IP in proxy_pass?

@zxweed
Author

zxweed commented Apr 3, 2016

@k0nsl, thank you, I have put the IP-address in the line

proxy_pass http://127.0.0.1

and the problem was solved.

Can you request a change to the manual (https://github.com/RocketChat/Rocket.Chat/wiki/Run-Rocket.Chat-behind-a-SSL-Reverse-Proxy)? There is an example with a hostname, not the digital IP address:

location / {
proxy_pass http://your_hostname.com:3000/;

@zxweed
Author

zxweed commented Apr 3, 2016

And the last question is - how can I disable the "Force SSL" setting in the database without dropping it?

@konsumate
Contributor

A small external independent helper utility might help set generic database entries in the future

@engelgabriel
Member

"Force SSL" should never be used with a reverse proxy. If you have a reverse proxy, you should do the redirect THERE. We only added the option to do "Force SSL" at the application level for deployments like Heroku that do not allow you to configure the redirect at the reverse proxy.

@rodrigok can you please add a description below the field on the admin panel?
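
The proxy-level redirect recommended in the comment above, as an added example that is not part of the original thread or the Rocket.Chat documentation. It assumes Rocket.Chat listens on 127.0.0.1:3000 with "Force SSL" switched off; the hostname and certificate paths are the ones from the configuration posted earlier.

```nginx
# Added example. Assumptions: Rocket.Chat runs with PORT=3000 and
# ROOT_URL=https://quantquant.chat, and "Force SSL" is disabled, so nginx is
# the only component that ever issues an HTTP -> HTTPS redirect.

upstream backend {
    server 127.0.0.1:3000;   # loopback address, not the public hostname
}

# Plain-HTTP listener: redirect everything to HTTPS exactly once.
server {
    listen 80;
    server_name quantquant.chat;
    return 301 https://$host$request_uri;
}

# TLS listener: terminate TLS here and proxy to the application over loopback.
server {
    listen 443 ssl;
    server_name quantquant.chat;

    ssl_certificate     /etc/nginx/certificate.crt;
    ssl_certificate_key /etc/nginx/certificate.key;
    ssl_protocols TLSv1.2;   # TLSv1 and TLSv1.1 from the posted config are deprecated

    location / {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;      # WebSocket upgrade
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        # The conventional names are X-Forwarded-For / X-Forwarded-Proto.
        # $scheme reports what the client really used ("https" on this
        # listener) instead of a hard-coded "http".
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }
}
```

After reloading nginx, `curl -sI http://quantquant.chat/` should return a single 301 to the https:// URL, and a request to the https:// URL should return no further `Location` header.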

@k0nsl
Contributor

k0nsl commented Apr 5, 2016

@unixfox:

In the configuration example you gave it shows you're proxying to an IP, not a hostname.
