Troubleshooting Redirect Errors When Using a Cache Server
Hello, it's the incompetent me.
※The photo is unrelated. It's an image from another error.
When operating as a cache server, I was troubled by redirect errors appearing occasionally for unknown reasons and persisting until the cache was cleared, but that has now been resolved.
The problematic syntax. ※Partially modified.
{
listen 443 ssl;
server_name xxx.xxx;
location / {
proxy_pass /xxxxxx/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Content-Security-Policy upgrade-insecure-requests;
ssl_certificate /xxx/xxx.pem;
ssl_certificate_key /xxx/xxx.pem;
set $do_not_cache 0;
if ($http_cookie ~ ^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$) {
set $do_not_cache 1;
}
if ($request_uri ~ "^/wp-admin/.*"){
set $do_not_cache 1;
}
if ($request_uri ~ "^/wp-content/.*"){
set $do_not_cache 1;
}
if ($request_uri ~ "^/wp-includes/.*"){
set $do_not_cache 1;
}
if ($request_uri ~ "^/wp-cron.php.*"){
set $do_not_cache 1;
}
if ($request_uri ~ "^/wp-login.php.*"){
set $do_not_cache 1;
}
if ($uri ~* "\.(jpg|jpeg|png|webp|gif|mp4|css|js|ico|woff2)$") {
set $do_not_cache 0;
}
proxy_no_cache $do_not_cache;
proxy_cache_bypass $do_not_cache;
proxy_cache zone;
proxy_cache_key $scheme$proxy_host$uri$is_args$args;
proxy_cache_valid 200 201 6h;
proxy_cache_valid 302 3h;
proxy_cache_valid 301 1d;
proxy_cache_valid 404 5m;
proxy_cache_lock on;
}
}
While rebuilding it several times, I noticed that redirect loops often occurred with SSL authentication. I finally realized that there was a structural oddity where the SSL certificate key itself seemed to be involved in the reverse proxy, and moving the .pem files to the end resolved the issue. The correct syntax is as follows.
Also, I felt that placing the keys immediately after add_header Content-Security-Policy upgrade-insecure-requests; was probably not ideal.
{
listen 443 ssl;
server_name xxx.xxx;
location / {
proxy_pass /xxxxxx/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Content-Security-Policy upgrade-insecure-requests;
set $do_not_cache 0;
if ($http_cookie ~ ^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$) {
set $do_not_cache 1;
}
if ($request_uri ~ "^/wp-admin/.*"){
set $do_not_cache 1;
}
if ($request_uri ~ "^/wp-content/.*"){
set $do_not_cache 1;
}
if ($request_uri ~ "^/wp-includes/.*"){
set $do_not_cache 1;
}
if ($request_uri ~ "^/wp-cron.php.*"){
set $do_not_cache 1;
}
if ($request_uri ~ "^/wp-login.php.*"){
set $do_not_cache 1;
}
if ($uri ~* "\.(jpg|jpeg|png|webp|gif|mp4|css|js|ico|woff2)$") {
set $do_not_cache 0;
}
proxy_no_cache $do_not_cache;
proxy_cache_bypass $do_not_cache;
proxy_cache zone;
proxy_cache_key $scheme$proxy_host$uri$is_args$args;
proxy_cache_valid 200 201 6h;
proxy_cache_valid 302 3h;
proxy_cache_valid 301 1d;
proxy_cache_valid 404 5m;
proxy_cache_lock on;
}
ssl_certificate /xxx/xxx.pem;
ssl_certificate_key /xxx/xxx.pem;
}
This resolved the issue.
That's all for now.
※It was not resolved. Added to part 2.