<div dir="ltr">Hi All,<div><br></div><div>Can someone with fresh eyes please review this config and tell me why requests are infinitely redirected to https?</div><div><br></div><div>I'm trying to forward inbound requests on port 443 either to the localhost port 80 or the localhost port 25565, depending on whether it is a request for a WSS or for HTTP (files).</div><div>Many thanks!</div><div><br></div>map $http_upgrade $connection_upgrade {<br><br>    default upgrade;<br><br>    '' close;<br><br>}<br><br><br>upstream to-websocket {<br><br>    server localhost:25565;<br><br>}<br><br><br>server_tokens off;<br><br><br># SSL requirements. We use Certbot and LetsEncrypt<br><br>#ssl_certificate /etc/letsencrypt/live/-myFQDN-/fullchain.pem; # managed by Certbot<br><br>#ssl_certificate_key /etc/letsencrypt/live/-myFQDN-/privkey.pem; # managed by Certbot<br><br>#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot<br><br>#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot<br><br>#ssl_session_cache shared:SSL:1m;<br><br><br>#ssl_session_timeout 5m;<br><br>#ssl_ciphers HIGH:!aNULL:!MD5;<br><br>#ssl_prefer_server_ciphers on;<br><br><br>server {<br><br>#   first redirect to https<br><br>    if ($scheme = "http") {<br><br>        return 301 https://$host$request_uri;<br><br>    }<br><br><br>#   Now webserver<br><br>#   Port 80 shouldn't be accessed from outside<br><br>    listen 80 default_server;<br><br>    listen [::]:80 default_server;<br><br>    server_name -myFQDN- www.-myFQDN-;<br><br>    return 404; # managed by Certbot<br><br>    root /var/www/html;<br><br>}<br><br><br>server {<br><br>    root /var/www/html;<br><br>    index  index.html index.htm;<br><br>    server_name -myFQDN-;<br><br><br>#   Proxy our outside https to local http<br><br>    listen [::]:443 ssl ipv6only=on; # managed by Certbot<br><br>    listen 443 ssl; # managed by Certbot<br><br>    ssl_certificate /etc/letsencrypt/live/-myFQDN-/fullchain.pem; # managed by Certbot<br><br>    
ssl_certificate_key /etc/letsencrypt/live/-myFQDN-/privkey.pem; # managed by Certbot<br><br>    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot<br><br>    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot<br><br><br>    location / {<br><br>        try_files /nonexistent @$http_upgrade;<br><br>    }<br><br>    location @websocket {<br><br>        proxy_http_version 1.1;<br><br>        proxy_set_header Upgrade $http_upgrade;<br><br>        proxy_set_header Connection $connection_upgrade;<br><br>        proxy_set_header X-Real-IP $remote_addr;<br><br>        proxy_set_header X-Forwarded-Proto $scheme;<br><br>        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br><br>        proxy_set_header Host -myFQDN-;<br><br>        proxy_set_header Referer https://-myFQDN-;<br><br>        proxy_set_header Referrer https://-myFQDN-;<br><br>#       proxy_pass <a href="http://localhost:25565">http://localhost:25565</a>;<br><br>        proxy_pass <a href="http://to-websocket">http://to-websocket</a>;<br><br>    }<br><br><br>    location @ {<br><br>        proxy_set_header X-Real-IP $remote_addr;<br><br>        proxy_set_header Host -myFQDN-;<br><br>        proxy_set_header Referer https://-myFQDN-;<br><br>        proxy_set_header Referrer https://-myFQDN-;<br><br>        proxy_set_header X-Forwarded-Proto $scheme;<br><br>        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br><br>        proxy_pass <a href="http://localhost:80">http://localhost:80</a>;<br><br>    }<br><br>}<br></div>
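<div>An added example, not part of the original message and not the poster's config: in the posted file, <code>location @</code> proxies to http://localhost:80, where the port-80 server sees <code>$scheme = "http"</code> and answers with the 301 to https, so each HTTPS request for a file is redirected back to itself. The layout below keeps the redirect on the public port and moves the file backend to a loopback-only listener; it assumes the port-80 server in the post is this same nginx instance, and port 8080 is an assumed free local port.</div>

```nginx
# Added example, not the poster's config. -myFQDN- is the poster's placeholder.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream to-websocket {
    server localhost:25565;
}

# Public port 80: redirect only. Nothing proxies to this server any more,
# so its 301 is never sent in answer to a request that arrived over HTTPS.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name -myFQDN- www.-myFQDN-;
    return 301 https://$host$request_uri;
}

# File backend, plain HTTP, bound to loopback so it is unreachable from outside.
# Port 8080 is an assumption; any free local port works.
server {
    listen 127.0.0.1:8080;
    server_name -myFQDN-;
    root /var/www/html;
    index index.html index.htm;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl ipv6only=on;
    server_name -myFQDN-;
    ssl_certificate     /etc/letsencrypt/live/-myFQDN-/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/-myFQDN-/privkey.pem;

    location / { try_files /nonexistent @$http_upgrade; }   # dispatch as posted

    location @websocket {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host -myFQDN-;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://to-websocket;
    }
    location @ {
        proxy_set_header Host -myFQDN-;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8080;   # was http://localhost:80, the redirecting server
    }
}
```

<div>Check the file with <code>nginx -t</code> before reloading.</div>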