ERR_TOO_MANY_REDIRECTS with Synology Application Portal

Submitted by dave on Wed, 04/27/2022 - 10:16

I run a few websites from a VM on my Synology NAS. The VM has the typical LAMP setup for running Wordpress and Drupal sites. As it is not exposed directly to the internet, Apache serves up all sites on port 80 and I configured the Synology "Application Portal" to forward both port 80/443 requests to it. Application Portal (nginx behind the curtain) also provides handling of SSL Certs on port 443.
So I created 2 Synology Application Portal entries - one to for serving up incoming 80 to ApacheHost:80, and one for serving up incoming 443 to ApacheHost:80.
With this setup I encountered a problem when trying to do a typical redirect from port 80 to 443 using a .htaccess on the Apache server. If I do a simple redirect from port 80 to 443 everything works as designed... but my design was wrong! Since I set up the Reverse Proxy to do all comms to Apache on port 80, Apache always redirects to 443... which Proxy sends to 80 and in short order we have a redirect mess - an endless loop that gave me an ERR_TOO_MANY_REDIRECTS.
After a few false starts I now have a way to provide http -> https rewriting.
1) Create a separate site to serve up custom content for port 80 requests


    ServerAdmin webmaster@ba6.us
    DocumentRoot /var/www/html/redir/ba6.us
    ServerName ba6.us
    ServerAlias ba6.us
    ErrorLog logs/ba6.us-redir-error_log
    CustomLog logs/ba6.us-redir-access_log common
    RewriteEngine On
    RewriteOptions inherit



   Options -Indexes
   AllowOverride All
   Order allow,deny
   Allow from all

Create a separate stub site on my ApacheHost:8888 that only serves up the following .htaccess file /var/www/html/redir/ba6.us/.htaccess :

RewriteEngine On
RewriteRule ^(.*)$ https://ba6.us/$1 [R,L]

This will simply rewrite any http:// request to https:// requests.
Set up Application Portal (nginx) entries to Proxy appropriately
ba6.us HTTP Proxy

  • Source Protocol : HTTP
  • Source Hostname: ba6.us
  • Source Port : 80
  • Destination Protocol: HTTP
  • Destination Hostname: ApacheHost
  • Destination port: 8888

ba6.us HTTPS Proxy

  • Source Protocol : HTTP
  • Source Hostname: ba6.us
  • Source Port : 443
  • Destination Protocol: HTTP
  • Destination Hostname: ApacheHost
  • Destination port: 80

Note: Also make sure you have a cert set up for your domain in Control Panel -> Security -> Certificate tab.

How it works

  • Visit unsecured site http://ba6.us
  • nginx receives communication on port 80, proxies to ApacheHost:8888
  • ApacheHost:8888 responds for VirtualHost ba6.us:8888. The only thing this virutal host has the ability to server up is the special .htaccess with redirect.
  • Redirect to https URL is sent to browser
  • Browser requests https://ba6.us
  • nginx receives communication on port 443, proxies to ApacheHost:80
  • ApacheHost:80 serves up the normal site
  • All access is now secure!
Tags: 
Synology
nginx
apache
HTTP
HTTPS

Add new comment