Problem:
There are several URL routes that end up in an ERR_TOO_MANY_REDIRECTS error when accessed,
for example:
select organisation or location
- /organizations/1-example-com/select
- /locations/3-gb-lon/select
- /hosts/server1/console
I suspect it could be a problem with the Apache vhost config.
Expected outcome:
No redirect loop
Foreman and Proxy versions:
3.3.0 & 3.3.0
Foreman and Proxy plugin versions:
foreman_discovery 21.0.0
foreman_hooks 0.3.17
foreman_puppet 4.0.1
puppetdb_foreman 5.0.0
Distribution and version:
Debian 11
apache vhost config:
Listen 443
<VirtualHost *:443>
ServerName foreman.example.com
ServerAdmin web@example.com
ServerSignature On
DocumentRoot /usr/share/foreman/public
<Directory "/usr/share/foreman/public">
Options SymLinksIfOwnerMatch
AllowOverride None
Require all granted
RequestHeader set X_FORWARDED_PROTO "https"
RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"
RequestHeader unset REMOTE_USER
RequestHeader unset REMOTE_USER_EMAIL
RequestHeader unset REMOTE_USER_FIRSTNAME
RequestHeader unset REMOTE_USER_LASTNAME
RequestHeader unset REMOTE_USER_GROUPS
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyAddHeaders On
ProxyPass /pulp !
ProxyPass /pulp2 !
ProxyPass /streamer !
ProxyPass /pub !
ProxyPass /icons !
ProxyPass / unix:///run/foreman.sock|http://foreman/ retry=0 timeout=900
ProxyPassReverse / unix:///run/foreman.sock|http://foreman/
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) unix:///run/foreman.sock|ws://foreman/$1 [P,L]
SSLEngine on
RewriteEngine on
RewriteCond %{HTTP:Accept-Encoding} \b(x-)?gzip\b
RewriteCond %{REQUEST_FILENAME} \.(css|js|svg)$
RewriteCond %{REQUEST_FILENAME}.gz -s
RewriteRule ^(.+) $1.gz [L]
SSLHonorCipherOrder on
SSLProtocol -all +TLSv1.3 +TLSv1.2
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM
SSLVerifyDepth 3
SSLVerifyClient optional
SSLOptions +StdEnvVars +ExportCertData
SSLOpenSSLConfCmd Curves X25519:secp521r1:secp384r1:prime256v1
SSLCertificateFile /etc/puppetlabs/puppet/ssl/certs/foreman01-01.example.com.pem
SSLCertificateKeyFile /etc/puppetlabs/puppet/ssl/private_keys/foreman01-01.example.com.pem
SSLCertificateChainFile /etc/puppetlabs/puppet/ssl/certs/ca.pem
SSLCACertificateFile /etc/puppetlabs/puppet/ssl/certs/ca.pem
SSLCARevocationFile /etc/puppetlabs/puppet/ssl/crl.pem
SSLCARevocationCheck chain
SSLOptions +StdEnvVars +ExportCertData
<FilesMatch \.css\.gz$>
ForceType text/css
Header set Content-Encoding gzip
SetEnv no-gzip
</FilesMatch>
<FilesMatch \.js\.gz$>
ForceType text/javascript
Header set Content-Encoding gzip
SetEnv no-gzip
</FilesMatch>
<FilesMatch \.svg\.gz$>
ForceType image/svg+xml
Header set Content-Encoding gzip
SetEnv no-gzip
</FilesMatch>
<LocationMatch "^/(assets|webpack)">
Options SymLinksIfOwnerMatch
AllowOverride None
Require all granted
Header unset ETag
FileETag None
ExpiresActive On
ExpiresDefault "access plus 1 year"
AddDefaultCharset UTF-8
CustomLog /var/log/apache2/foreman-ssl-access.log combined
ErrorLog /var/log/apache2/foreman-ssl-error.log