Home / server / Questions / 978853
Accepted
klor
Asked: 2019-08-12 21:48:08 +0800 CST

Moodle 3.7 & Apache & reverse proxy results ERR_TOO_MANY_REDIRECTS

  • 772

Moodle 3.7 Apache with reverse proxy results ERR_TOO_MANY_REDIRECTS.

I have an SSL site with following vhosts file on Frontend server:

<VirtualHost *:80>
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>     


<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName moodle.site.com:443

SSLEngine on
SecAuditEngine On
RewriteEngine On

    ProxyPreserveHost On
    ProxyPass / http://101.102.103.104:80/
    ProxyPassReverse / http://101.102.103.104:80/

</VirtualHost>                                  
</IfModule>

I also redirect all 80 port requests to SSL port.

The command

curl -I https://moodle.site.com/

results:

HTTP/1.1 303 See Other
Date: Fri, 09 Aug 2019 19:13:33 GMT
Server: Apache/2.4.38 (Debian)
Strict-Transport-Security: max-age=15768000; includeSubDomains
Location: https://moodle.site.com
Content-Language: en
Content-Type: text/html; charset=UTF-8

On Backend server in Moodle config.php I have:

$CFG->wwwroot   = 'https://moodle.site.com';
$CFG->reverseproxy = true;
$CFG->sslproxy  = 1;

Any idea why I get "ERR_TOO_MANY_REDIRECTS" error in Google Chrome, when I try to open https://moodle.site.com URL?

EDIT1:

101.102.103.104 is the IP address of the Moodle backend server. The frontend server has moodle.site.com subdomain name, which resolves to 1.2.3.4. The user enters the moodle.site.com URL, which should reverse proxy content from Moodle backend server from 101.102.103.104 IP address.

apache-2.4

3 Answers

  1. I have no access to web server config so I have to find this workaround. File lib/setuplib.php, line 900 in my case, Moodle comment of this: $CFG->sslproxy specifies if external SSL appliance is used (That is, the Moodle server uses http, with an external box translating everything to https).

    Change

      if (empty($CFG->sslproxy))

    for

      if (!empty($CFG->sslproxy))

    That was all needed to begin installation normally. (after two hours of debugging inserting die()'s everywhere)

    • 1

  2. I had the same problem. Do not change anything in setuplib.php. Simply remove the $CFG->reverseproxy = true; in php.config and include the route to your moodle installation as https://.... in the $CFG->wwwroot of config.php.

    So, your config.php file would contain:

    $CFG->wwwroot = "https://server/dirs";
$CFG->sslproxy = true;
    • 1
  3. Best Answer

    I had 4 problems, so I had to fix them (command line commands should be executed as root or use sudo):

    1) on proxied server, the mod_ssl Apache module was not activated. Test in the command line, if mod_ssl is active:

    apache2ctl -M | grep ssl

    Should display this (if active):

    ssl_module (shared)

    FIX (enable mod_ssl in the command line):

    a2enmod ssl
# Considering dependency setenvif for ssl:
# Module setenvif already enabled
# Considering dependency mime for ssl:
# Module mime already enabled
# Considering dependency socache_shmcb for ssl:
# Enabling module socache_shmcb.
# Enabling module ssl.
# See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
# To activate the new configuration, you need to run:
# systemctl restart apache2

    2) I use the Header directive in Apache SSL conf file, like this:

    # Guarantee HTTPS for 180 days including sub domains 
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"

    Because of this mod_headers Apache module is required, it was not activated. Test in the command line, if mod_headers is active:

    apache2ctl -M | grep headers

    Should display this (if active):

    headers_module (shared)

    FIX (enable mod_headers in the command line):

    a2enmod headers

    3) I had to use https ProxyPass URL instead of http in Apache vhost conf file :

    Wrong:

    ProxyPass / http://101.102.103.104:80/
ProxyPassReverse / http://101.102.103.104:80/

    GOOD:

    ProxyPass / https://101.102.103.104/
ProxyPassReverse / https://101.102.103.104/

    4) Had to turn on SSLProxyEngine directive to use SSL in ProxyPass in Apache vhost conf file.

    FIX: Added SSLProxyEngine on in /etc/apache2/sites-available/myvhost.conf

    SSLProxyEngine on
    • 0