Inifinite redirect loop

Support
1

Software and hardware versions
Ubuntu Server 18.04, Aggregate v2.0.0

Problem description
My ODK Aggregate is working normally when connect with the 8080 port, but when trying to use nginx for redirect I go into an infinite loop.

Steps to reproduce the problem
I'm setting up the ODK Agregator on my server following the "ODK Aggregate - Build and run with Docker Compose", I have changed the security.server.checkHostnames to false. And in my nginx installation is configured with Let's Encrypt.

security.properties:

security.server.deviceAuthentication=digest
security.server.secureChannelType=REQUIRES_INSECURE_CHANNEL
security.server.channelType=REQUIRES_INSECURE_CHANNEL
security.server.forceHttpsLinks=false
security.server.hostname=
security.server.port=8080
security.server.securePort=8443
security.server.superUserUsername=administrator
security.server.realm.realmString=ODK Aggregate
security.server.checkHostnames=false

nginx config.:
I changed my domain to example.com

server {

    root /var/www/example.com/html;
    index index.html index.htm index.nginx-debian.html;

    server_name example.com www.example.com;
		
	if ($host = example.com) {
		return 301 https://www.$host$request_uri;
	}

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # ma$
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # $
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
	
	location / {
        try_files $uri $uri/ =404;
    }
	
	rewrite ^/rstudio$ $scheme://$http_host/rstudio/ permanent; 
    
    location /rstudio/ {
      rewrite ^/rstudio/(.*)$ /$1 break;
      proxy_pass http://localhost:8787;
      proxy_redirect http://localhost:8787/ $scheme://$http_host/rstudio/;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
      proxy_read_timeout 20d;
    }	
	rewrite ^/aggregate$ $scheme://$http_host/aggregate/ permanent; 
    
    location /aggregate/ {
      rewrite ^/aggregate/(.*)$ /$1 break;
      proxy_pass http://localhost:8080;
      proxy_redirect http://localhost:8080/ $scheme://$http_host/aggregate/;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
      proxy_read_timeout 20d;
    }

}

server {

    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name example.com www.example.com;
    return 404; # managed by Certbot
	
}

I tested various configurations during installation, using docker and docker compose, using virtualbox and installing directly into the system according to the wiki. But it always has a problem when redirecting to ODK Aggregate. I believe the problem is when using nginx with the ssl certificate and the redirect to the ODK Aggregate.

2

Hi @DosAnjosFilho!

We have a similar configuration on our Cloud-Config stacks, which use nginx for ssl too. We set a security.server.hostname in the security.properties with the ip/hostname the final users will be using, though. Could you try that?

Regarding the nginx ssl configuration and the redirects, I'm afraid I can't help you much. I can only say that our Cloud-Config stacks configure nginx to use proxy_pass to route traffic to the Apache Tomcat servr. Maybe some other user has more experience and can check it.

3

Hello @ggalmazor

I was able to troubleshoot using the https://raw.githubusercontent.com/opendatakit/aggregate/master/cloud-config/assets/cloud-config.yml script
and creating a sub-domain aggr.example.com on my server.

I've tried using the cloud-config solution to create a redirect in nginx for example.com/aggr, but the problem persisites, I do not know and some nginx, tomcat or aggregate configuration. But the solution of creating a subdomain on the server is working perfectly.

2 Likes
4

@DosAnjosFilho, my intuition is that sub-folder support is going to be hard to implement and support. There also hasn't been any user request besides yours.

That said, you sound technical, so if this is a big pain point and you want to do the work to figure out how to get it all setup, we'd certainly document that config and share it with the community.