[Bug]: Getting error ERR_TOO_MANY_REDIRECTS #3432

Closed
1 of 2 tasks
diogo24m opened this issue Sep 13, 2024 · 18 comments

@diogo24m
Contributor

Description

I'm trying to run a meshcentral docker and when I access my domain I'm getting this error: ERR_TOO_MANY_REDIRECTS

Minimal Reproduction (if possible, example repository)

This is my docker-compose.yml:

version: '3'
services:
  meshcentral:
    container_name: meshcentral
    image: 'typhonragewind/meshcentral:latest'
    environment:
      - HOSTNAME=my.domain.com
      - REVERSE_PROXY=xxx.xx.xx.xx
      - REVERSE_PROXY_TLS_PORT=443
      - IFRAME=false
      - ALLOW_NEW_ACCOUNTS=true
      - WEBRTC=false
      - BACKUPS_PW=MyAwesomePasswordPleaseChangeMe
      - BACKUP_INTERVAL=24
      - BACKUP_KEEP_DAYS=7
    volumes:
      - './meshcentral/data:/opt/meshcentral/meshcentral-data'
      - './meshcentral/user_files:/opt/meshcentral/meshcentral-files'
      - './meshcentral/backups:/opt/meshcentral/meshcentral-backups'

With cloudflare dns configured like this:
A | my.domain.com | xxx.xx.xx.xx | DNS only

Also tried forcing cloudflare to use SSL to connect to this domain

Exception or Error

Here you can see that meshcentral is running

MeshCentral HTTPS server running on my.domain.com:443.
Loaded web certificate from "https://xxx.xx.xx.xx:443", host: "my.domain.com"
  SHA384 cert hash: d109f2fd321973194fd3d6217bb12e4f1b0ef2c0451187b623401b825f07b512d83d91ba425bbfca94aab5d5b3832a01
  SHA384 key hash: 1f440cf88e68e2d5fc83b9eadcef3f72e7da061a62d4fe4d4632512774dfccfbd1b8ad1238e04335e21c951775b790d0

Version

v4.0.0-beta.333

Cloud?

  • Yes
  • No
@steventsvetkov

steventsvetkov commented Sep 13, 2024

@diogo24m By default, Cloudflare is configured to use a flexible SSL/TLS strategy, which means that connections between Cloudflare and your origin are made through HTTP. If your origin is using HTTPS, as it is in your case, that would cause such an issue as Cloudflare keeps trying to access your server via HTTP, which in turn keeps redirecting to HTTPS.

Make sure your SSL/TLS encryption mode is set to Full (strict).

image

If you have recently changed your record to be proxied by Cloudflare (or disabled that), that changes the A record target IP, which can take a while to propagate and is usually cached by your device/browser. After making the changes, give it some time or use a device which you have not recently used to access your website.

@diogo24m
Contributor Author

diogo24m commented Sep 13, 2024

It is set like you said

image

@steventsvetkov

The settings I'm talking about are located here:

image

I don't think it's necessary to set page rules.

@diogo24m
Contributor Author

I set it in Page Rules because I need other subdomains to have a different setting

@dymoo

dymoo commented Sep 15, 2024

I use full (strict) and I'm still getting the same error. My own deployments (when I disable force https in advanced->general) work fine, but all the templates I've deployed have the same too many redirects issue...

@kunumigab
Contributor

kunumigab commented Sep 17, 2024

SSL needs to be set to at least Full, and also disable "always https" on SSL/TLS>Edge Certificates.

Btw, if you're using the default proxy (Traefik) you can set up DNS-01 for fewer LE errors when issuing the certificates

https://coolify.io/docs/knowledge-base/traefik/wildcard-certificates

@diogo24m
Contributor Author

"always https" is disabled

I only want to set this subdomain I am using.

My other apps and services are working fine.

@Fronix

Fronix commented Oct 6, 2024

There should be some type of setting in Coolify to disable forcing https redirects in the proxy. It's a good standard rule to have but it's messing up my setup... There was one before but it got removed in v4 :/

I can disable it by editing the coolify.yaml file etc., but it gets reset every time I restart or update

@PinsonJonas

I'm trying to set up MeshCentral as well and am encountering the same issue.
Did you manage to figure it out?

@diogo24m
Contributor Author

Unfortunately no

@matjaz

matjaz commented Nov 29, 2024

I have a similar issue.

I want both http and https traffic.

Using coolify 4 373
Force Https is off.

Below are examples if I change Domains - using docker compose build pack.

Domains: https://sub.example.com
Bug. http is force redirected to https - I have force Https off.

      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
      - traefik.http.routers.http-0-ggkogc0o8kko08o0wg0sc04c-web.entryPoints=http
      - traefik.http.routers.http-0-ggkogc0o8kko08o0wg0sc04c-web.middlewares=redirect-to-https
      - 'traefik.http.routers.http-0-ggkogc0o8kko08o0wg0sc04c-web.rule=Host(`sub.example.com`) && PathPrefix(`/`)'
      - traefik.http.routers.https-0-ggkogc0o8kko08o0wg0sc04c-web.entryPoints=https
      - traefik.http.routers.https-0-ggkogc0o8kko08o0wg0sc04c-web.middlewares=gzip
      - 'traefik.http.routers.https-0-ggkogc0o8kko08o0wg0sc04c-web.rule=Host(`sub.example.com`) && PathPrefix(`/`)'
      - traefik.http.routers.https-0-ggkogc0o8kko08o0wg0sc04c-web.tls.certresolver=letsencrypt
      - traefik.http.routers.https-0-ggkogc0o8kko08o0wg0sc04c-web.tls=true

Domains: http://sub.example.com
https is not working

      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
      - traefik.http.routers.http-0-ggkogc0o8kko08o0wg0sc04c-web.entryPoints=http
      - traefik.http.routers.http-0-ggkogc0o8kko08o0wg0sc04c-web.middlewares=gzip
      - 'traefik.http.routers.http-0-ggkogc0o8kko08o0wg0sc04c-web.rule=Host(`sub.example.com`) && PathPrefix(`/`)'

Domains: http://sub.example.com,https://sub.example.com
Wrong config. Sometimes redirect-to-https is forced, sometimes it's not.

      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
      - traefik.http.routers.http-0-ggkogc0o8kko08o0wg0sc04c-web.entryPoints=http
      - traefik.http.routers.http-0-ggkogc0o8kko08o0wg0sc04c-web.middlewares=gzip
      - 'traefik.http.routers.http-0-ggkogc0o8kko08o0wg0sc04c-web.rule=Host(`sub.example.com`) && PathPrefix(`/`)'
      - traefik.http.routers.http-1-ggkogc0o8kko08o0wg0sc04c-web.entryPoints=http
      - traefik.http.routers.http-1-ggkogc0o8kko08o0wg0sc04c-web.middlewares=redirect-to-https
      - 'traefik.http.routers.http-1-ggkogc0o8kko08o0wg0sc04c-web.rule=Host(`sub.example.com`) && PathPrefix(`/`)'
      - traefik.http.routers.https-1-ggkogc0o8kko08o0wg0sc04c-web.entryPoints=https
      - traefik.http.routers.https-1-ggkogc0o8kko08o0wg0sc04c-web.middlewares=gzip
      - 'traefik.http.routers.https-1-ggkogc0o8kko08o0wg0sc04c-web.rule=Host(`sub.example.com`) && PathPrefix(`/`)'
      - traefik.http.routers.https-1-ggkogc0o8kko08o0wg0sc04c-web.tls.certresolver=letsencrypt
      - traefik.http.routers.https-1-ggkogc0o8kko08o0wg0sc04c-web.tls=true
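
Added example (not part of the original thread and not Coolify's code): a Python check over the generated labels that flags routers sharing an entrypoint and rule while carrying different middlewares, which is what the last label set above contains. The labels are the ones quoted in the comment; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Only the router keys that decide which traffic is matched and how it is handled
LABEL = re.compile(
    r"^traefik\.http\.routers\.([^.]+)\.(entryPoints|middlewares|rule)=(.*)$", re.I)

# Labels quoted in the comment above for Domains: http://...,https://...
SAMPLE_LABELS = """
      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
      - traefik.http.routers.http-0-ggkogc0o8kko08o0wg0sc04c-web.entryPoints=http
      - traefik.http.routers.http-0-ggkogc0o8kko08o0wg0sc04c-web.middlewares=gzip
      - 'traefik.http.routers.http-0-ggkogc0o8kko08o0wg0sc04c-web.rule=Host(`sub.example.com`) && PathPrefix(`/`)'
      - traefik.http.routers.http-1-ggkogc0o8kko08o0wg0sc04c-web.entryPoints=http
      - traefik.http.routers.http-1-ggkogc0o8kko08o0wg0sc04c-web.middlewares=redirect-to-https
      - 'traefik.http.routers.http-1-ggkogc0o8kko08o0wg0sc04c-web.rule=Host(`sub.example.com`) && PathPrefix(`/`)'
      - traefik.http.routers.https-1-ggkogc0o8kko08o0wg0sc04c-web.entryPoints=https
      - traefik.http.routers.https-1-ggkogc0o8kko08o0wg0sc04c-web.middlewares=gzip
      - 'traefik.http.routers.https-1-ggkogc0o8kko08o0wg0sc04c-web.rule=Host(`sub.example.com`) && PathPrefix(`/`)'
      - traefik.http.routers.https-1-ggkogc0o8kko08o0wg0sc04c-web.tls.certresolver=letsencrypt
      - traefik.http.routers.https-1-ggkogc0o8kko08o0wg0sc04c-web.tls=true
"""

def parse_routers(labels):
    """Collect entrypoints, middlewares and rule per router name."""
    routers = defaultdict(dict)
    for raw in labels:
        # Drop YAML list dash, indentation and surrounding quotes
        m = LABEL.match(raw.strip().lstrip("- ").strip("'\""))
        if m:
            name, key, value = m.groups()
            routers[name][key.lower()] = value
    return dict(routers)

def find_conflicts(labels):
    """Routers that match the same traffic but apply different middlewares."""
    groups = defaultdict(list)
    for name, cfg in parse_routers(labels).items():
        key = (cfg.get("entrypoints"), cfg.get("rule"))
        groups[key].append((name, cfg.get("middlewares", "")))
    return [
        {"entrypoint": entry, "rule": rule, "routers": sorted(members)}
        for (entry, rule), members in groups.items()
        if len({mw for _, mw in members}) > 1
    ]
```

On the sample, `find_conflicts(SAMPLE_LABELS.splitlines())` reports one conflict on the `http` entrypoint: `http-0-…` (gzip) and `http-1-…` (redirect-to-https) both claim the same host and path, and nothing in the labels says which one should win.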

@matjaz

matjaz commented Nov 29, 2024

solved it using Raw Compose Deployment checked under advanced

I also found hardcoded forced https ..

is_force_https_enabled: true,

@Fronix

Fronix commented Nov 29, 2024

> solved it using Raw Compose Deployment checked under advanced
>
> I also found hardcoded forced https ..
>
> coolify/bootstrap/helpers/shared.php
>
> Line 2082 in bdf411a
> is_force_https_enabled: true,

Not really a solution, rather a workaround.

@medinnna

medinnna commented Dec 12, 2024

I had the same problem, my server is a home server and is connected to Cloudflare via tunnels, add this to wp-config.php:

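define('FORCE_SSL_ADMIN', true);

// Behind a TLS-terminating proxy the request reaches PHP over plain HTTP,
// so take the visitor's scheme from the proxy's X-Forwarded-Proto header.
// isset() avoids a warning when the header is absent (direct requests).
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
  $_SERVER['HTTPS'] = 'on';
}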

I hope this works for you too.
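
Added example (not from the thread): a small Python model of the loop explained in the Flexible SSL/TLS comment earlier and of why honouring X-Forwarded-Proto, as in the wp-config.php snippet above, breaks it. The policy names are hypothetical, and the model assumes the edge passes the visitor's scheme in X-Forwarded-Proto, uses plain HTTP to the origin in Flexible mode, and matches the visitor's scheme in Full mode.

```python
def origin_response(conn_scheme, forwarded_proto, policy):
    """Origin-side decision for one request: returns (status, redirect_scheme).

    policy "connection": redirect whenever this hop arrived over plain HTTP.
    policy "forwarded":  trust X-Forwarded-Proto set by the proxy (TLS offload).
    policy "none":       never redirect.
    """
    seen = forwarded_proto if policy == "forwarded" else conn_scheme
    if policy != "none" and seen == "http":
        return 301, "https"
    return 200, None

def trace(visitor_scheme, edge_mode, policy, max_hops=20):
    """Follow redirects as a browser would; returns (verdict, hops).

    Each hop is (visitor scheme, edge-to-origin scheme, status).
    """
    scheme, hops = visitor_scheme, []
    for _ in range(max_hops):
        # Flexible: edge always uses HTTP to the origin.
        # Full: edge uses the same scheme the visitor used.
        conn = "http" if edge_mode == "flexible" else scheme
        status, target = origin_response(conn, scheme, policy)
        hops.append((scheme, conn, status))
        if status == 200:
            return "ok", hops
        if target == scheme:
            # Redirected to the URL already being requested: this repeats
            # until the browser stops with ERR_TOO_MANY_REDIRECTS.
            return "loop", hops
        scheme = target
    return "loop", hops
```

`trace("http", "flexible", "connection")` ends in `"loop"` after the second hop, while the same origin behind `"full"`, or a `"forwarded"` origin behind `"flexible"`, reaches 200.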

@riemers

riemers commented Jan 15, 2025

Ok, so in the end I got MeshCentral up on port 443; if I do a curl https://localhost --insecure I get a normal HTML page back. Is that not enough then? I also disabled the redirect port on 80, but then it just times out, or bad gateway, something of the sort. Does the Traefik config normally forward the request via HTTP or HTTPS? If it's HTTP then that is something to look into. I am also using Cloudflare but added that setting too, and also disabled the proxy (to mask the IP), but also no luck. In the end I am not getting further than the redirect either..

Does anyone have a working one, and if so, what's your config.json?

@riemers

riemers commented Jan 17, 2025

And it's working..

{
  "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
  "settings": {
    "cert": "your.site.com",
    "_WANonly": true,
    "_LANonly": true,
    "_sessionKey": "MyReallySecretPassword1",
    "port": 80,
    "mpsport": 0,
    "aliasPort": 443,
    "redirPort": 0,
    "_redirAliasPort": 80,
    "AgentPong": 300,
    "TLSOffload": true,
    "SelfUpdate": false,
    "AllowFraming": false,
    "mongodb": "mongodb://mongodb:27017/mesh",
    "mongodbcol": "mesh",
    "WebRTC": false,
    "trustedproxy": "CloudFlare"
  },
  "domains": {
    "": {
      "NewAccounts": true,
      "certUrl": "your.site.com"
    }
  }
}

Since that intel stuff is not valid anymore the mpsport is disabled by setting it to 0.
So coolify/traefik handles the ssl termination. Hence also the "TLSOffload = true"
Then port is 80 but the aliasport needs to be 443 otherwise it will advertise urls and add :80 behind it.

Also I have Cloudflare in front of it, so I had to add trustedproxy: cloudflare; remove if not needed. Remove the mongo items if you don't use that.

@diogo24m
Contributor Author

Thank you @riemers, this worked flawlessly!

@riemers

riemers commented Jan 17, 2025

P.S. If you take the default docker file you're missing the healthchecks.

version: '3'
networks:
  meshcentral-tier:
    driver: bridge
services:
  mongodb:
    restart: always
    container_name: mongodb
    image: 'mongo:latest'
    volumes:
      - './meshcentral/mongodb_data:/data/db'
    networks:
      - meshcentral-tier
    healthcheck:
      test: ["CMD", "sh", "-c", "timeout 5 bash -c 'cat < /dev/null > /dev/tcp/localhost/27017'"]
      interval: 30s
      timeout: 10s
      retries: 3
  meshcentral:
    restart: always
    container_name: meshcentral
    image: 'ghcr.io/ylianst/meshcentral:latest'
    depends_on:
      - mongodb
    ports:
      - '8086:443'
    volumes:
      - './meshcentral/data:/opt/meshcentral/meshcentral-data'
      - './meshcentral/user_files:/opt/meshcentral/meshcentral-files'
      - './meshcentral/backup:/opt/meshcentral/meshcentral-backups'
      - './meshcentral/web:/opt/meshcentral/meshcentral-web'
    networks:
      - meshcentral-tier
    healthcheck:
      test: ["CMD", "nc", "-z", "localhost", "80"]
      interval: 30s
      timeout: 10s
      retries: 3

This should belong in the docker compose for MeshCentral, but I don't want alerts on things that are actually up and running ;)
