Something is definitely wrong with your config. I'm also using nginx + Tomcat for a few years and haven't had this issue. I suspect a mismatch in nginx / Tomcat configs, perhaps related to HTTPS.
First, in your nginx config, instead of hardcoding the scheme as "https", use $scheme to let nginx use the scheme that is actually being used in the request: proxy_set_header X-Forwarded-Proto $scheme; Second, make sure your dspace.cfg has the correct hostname and baseURL. In the case of using a repository at https://dspace.example.edu, this is correct: dspace.hostname = dspace.example.edu dspace.baseUrl = https://${dspace.hostname} And finally, make sure your Tomcat server.xml has the connector set up properly (ie, with HTTP, but indicating that the the redirect was secure: <!-- tell tomcat it's being proxied via port 443 / scheme https --> <Connector port="8443" protocol="HTTP/1.1" connectionTimeout="20000" address="127.0.0.1" URIEncoding="UTF-8" proxyPort="443" scheme="https" secure="true" /> It's important the nginx→Tomcat is using plain HTTP as it is local, but that Tomcat knows the redirect was secure, the port nginx redirected from, etc. Note that I use a special connector port of 8443, so adjust your nginx proxy_pass accordingly. Good luck, On Tue, Feb 7, 2017 at 5:44 PM Anis <[email protected]> wrote: > Hey! > > I'm setting up a dspace 5 instance using nginx. The problem I'm facing now > is, that after going to the login page and clicking login I get "server > redirected you too many times" error from my browser (Chrome on Mac OS). So > the site works fine before I try to login, after that it gives the > aforementioned error and only clearing cookies will get rid of it. Any > ideas for fixing this? > > > ROOT.xml in the Catalina folder > <?xml version='1.0'?> > <Context > docBase="/data/dspace/webapps/xmlui" > reloadable="true" > cachingAllowed="false" > sessionCookiePathUsesTrailingSlash='false'/> > > > > nginx configuration (ommited some information) > > server { > listen 80; > listen [::]:80; > > > server_name <server_name>; > > > return 301 https://<server_name>$request_uri; > } > server { > listen 443 ssl; > listen [::]:443 ssl; > > > server_name <server_name>; > > > ssl_certificate <cert>; > ssl_certificate_key <key>; > ssl_session_timeout 1d; > ssl_session_cache shared:SSL:50m; > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; > ssl_ciphers > 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA' > ; > ssl_prefer_server_ciphers on; > > > add_header Strict-Transport-Security max-age=15768000; > > > > # forward everything to tomcat > location / { > proxy_pass <tomcat_address>; > proxy_redirect off; > proxy_set_header Host $host; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header X-Forwarded-Proto https; > > > client_max_body_size 10m; > client_body_buffer_size 128k; > > > proxy_connect_timeout 120; > proxy_send_timeout 120; > proxy_read_timeout 120; > > > proxy_buffer_size 4k; > proxy_buffers 4 32k; > proxy_busy_buffers_size 64k; > proxy_temp_file_write_size 64k; > } > } > > -- > You received this message because you are subscribed to the Google Groups > "DSpace Technical Support" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/dspace-tech. > For more options, visit https://groups.google.com/d/optout. > -- Alan Orth [email protected] https://englishbulgaria.net https://alaninkenya.org https://mjanja.ch -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
