How to set up SSL on the official Docker image?

3 months ago
Hello all!
Maybe someone succeeded in setting up SSL using official nopCommerce Docker image?
My last attempt failed. I tried to use separate Nginx server as SSL proxy, but still get ERR_TOO_MANY_REDIRECTS error.
Set up all settings for the store (enabled SSL and set URL to 'https://...') and security settings (forcesslforallpages), edited appsettings.json file (set the UseHttpXForwardedProto to true), but still get this error.
My Nginx conf is below:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}

http {
server {
  listen 80;
  server_name oneclickcharity.com www.oneclickcharity.com;
  if ($http_x_forwarded_proto = 'http'){
    return 301 https://www.oneclickcharity.com$request_uri;
    }
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name   oneclickcharity.com www.oneclickcharity.com;
  
    ssl_certificate           /etc/ssl/oneclickcharity.com.crt;
    ssl_certificate_key       /etc/ssl/oneclickcharity.com.key;

    location / {
    proxy_pass         http://occ-nop-fe:80;
    proxy_http_version 1.1;
    proxy_set_header   Host $host;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto https;
  proxy_set_header X-Scheme https;
  proxy_set_header X-real-IP $remote_addr;
  proxy_set_header        Upgrade $http_upgrade;
    proxy_set_header        Connection 'upgrade';
    proxy_cache_bypass      $http_upgrade;
    }
  }
  
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}


Maybe someone already did this?
3 months ago
Hi,

Have a look at this post.

i hope it helps.

Team nopAccelerate
3 months ago
Hello,
The only thing I found from this post is port 80 redirection, which I've fixed. But it didn't help, because I have no problems with lack of redirection, I actually have too many of them. I have infinite redirection to https://..

Anyway, thanks.

nopAccelerate.com wrote:
Hi,

Have a look at this post.

i hope it helps.

Team nopAccelerate
3 months ago
Try removing all redirect and add one by one, and monitor nginx logs which will give you an idea on what could be wrong.
1 month ago
Hi,

I'm heading to the same problem.
Any update or work around for this situation??

Thanks in advance,

Hung Nguyen
1 month ago
hungnq1990 wrote:
Hi,

I'm heading to the same problem.
Any update or work around for this situation??

Thanks in advance,

Hung Nguyen


Yes, actually solved it. Here is Hosting section of my  appsettings.json:
  "Hosting": {
    //Set to "true" the settings below if your hosting uses a load balancer. It'll be used to determine whether the current request is HTTPS
    "UseHttpClusterHttps": false,
    "UseHttpXForwardedProto": true,

    //Use the setting below if your hosting doesn't use "X-FORWARDED-FOR" header to determine IP address.
    //In some cases server use other HTTP header. You can specify a custom HTTP header here. For example, CF-Connecting-IP, X-FORWARDED-PROTO, etc
    "ForwardedHttpHeader": "X-real-IP"
  },

and here is http section from nginx.conf:
http {
server {
  listen 80;
  listen [::]:80;
  server_name oneclickcharity.com www.oneclickcharity.com;
  return 302 https://oneclickcharity.com$request_uri;

}
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name   oneclickcharity.com www.oneclickcharity.com;
  
    ssl_certificate           /etc/ssl/oneclickcharity.com.crt;
    ssl_certificate_key       /etc/ssl/oneclickcharity.com.key;

    location / {
    proxy_pass         http://occ-nop-fe:80;
    #proxy_http_version 1.1;
    proxy_set_header   Host $host;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto https;
  proxy_set_header X-Scheme https;
  proxy_set_header X-real-IP $remote_addr;
  proxy_set_header        Upgrade $http_upgrade;
    proxy_set_header        Connection keep-alive;
    proxy_cache_bypass      $http_upgrade;
    }
  }
  
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}
1 week ago
yuri.goltser wrote:
Hi,

I'm heading to the same problem.
Any update or work around for this situation??

Thanks in advance,

Hung Nguyen

Yes, actually solved it. Here is Hosting section of my  appsettings.json:
  "Hosting": {
    //Set to "true" the settings below if your hosting uses a load balancer. It'll be used to determine whether the current request is HTTPS
    "UseHttpClusterHttps": false,
    "UseHttpXForwardedProto": true,

    //Use the setting below if your hosting doesn't use "X-FORWARDED-FOR" header to determine IP address.
    //In some cases server use other HTTP header. You can specify a custom HTTP header here. For example, CF-Connecting-IP, X-FORWARDED-PROTO, etc
    "ForwardedHttpHeader": "X-real-IP"
  },

and here is http section from nginx.conf:
http {
server {
  listen 80;
  listen [::]:80;
  server_name oneclickcharity.com www.oneclickcharity.com;
  return 302 https://oneclickcharity.com$request_uri;

}
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name   oneclickcharity.com www.oneclickcharity.com;
  
    ssl_certificate           /etc/ssl/oneclickcharity.com.crt;
    ssl_certificate_key       /etc/ssl/oneclickcharity.com.key;

    location / {
    proxy_pass         http://occ-nop-fe:80;
    #proxy_http_version 1.1;
    proxy_set_header   Host $host;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto https;
  proxy_set_header X-Scheme https;
  proxy_set_header X-real-IP $remote_addr;
  proxy_set_header        Upgrade $http_upgrade;
    proxy_set_header        Connection keep-alive;
    proxy_cache_bypass      $http_upgrade;
    }
  }
  
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}


You sir, have saved my day! Thank you!