I’m trying to use PrestaShop 1.7.5.1 with Caddy. The installation of the e-commerce platform went fine, but when I attempt to access the domain, the browser returns ERR_TOO_MANY_REDIRECTS (in Chrome; I get a similar message in Mozilla Firefox).
I’m using an Ubuntu 18.04 VPS with Caddy version 0.10.3, compiled from source. And I’m using a subdomain which is configured like this:

    sub.domain.tld {
        root /path/public
        gzip
        tls email@domain.tld
        timeouts 10m
        fastcgi / /path/php-fpm.sock php {
            read_timeout 1800s
            send_timeout 1800s
            connect_timeout 20s
        }
        header / {
            # Enable HTTP Strict Transport Security (HSTS) to force clients to always
            # connect via HTTPS (do not use if only testing)
            Strict-Transport-Security "max-age=31536000;"
            # Enable cross-site filter (XSS) and tell browser to block detected attacks
            X-XSS-Protection "1; mode=block"
            # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
            X-Content-Type-Options "nosniff"
            # Disallow the site to be rendered within a frame (clickjacking protection)
            X-Frame-Options "SAMEORIGIN"
            # Removing Server header
            -Server
            # Control frame ancestors
            Content-Security-Policy "
                default-src 'self';
                frame-ancestors 'none'
            "
        }
        log /path/logs/sub_domain_access.log {
            rotate_size 25 # Rotate after 25 MB
            rotate_age 30 # Keep rotated files for 30 days
            rotate_keep 10 # Keep at most 10 log files
        }
    }

I see from the PrestaShop .htaccess rewrite rule that the relevant rule is:

    RewriteRule . - [E=REWRITEBASE:/]

Which should be:

    rewrite {
        r (.*)
        to {path} {path}/ /index.php?{uri}
    }

I’ve tested the above rewrite rule, but I had no success. And even by removing the rule and reloading the server, I get the same redirect error.
It seems it is switching from http to https and then back to http with a 302. This does not happen in the login interface for the admin panel, nor does it happen in the dashboard, but I still cannot access all the other pages. To be honest I’m starting to think it’s not the server but the PrestaShop code.
Given your Caddyfile, Caddy will only be issuing one redirect - from HTTP to HTTPS (set up by default by the Automatic HTTPS feature).
I’d have to assume that PrestaShop is issuing redirects to HTTP, then - see if you can find an HTTPS or Scheme or site URL option that you can instruct it to accept HTTPS requests.
As for this:
Chrome here is respecting your strict-transport-security: max-age=31536000; header and issuing its own 307 to itself to go straight to HTTPS.
And deleted the entry for the domain. This allowed me to skip the redirect loop. Now I have to deal with the rewrite rules, but I’ll address eventual questions to a new thread.
This, from my point of view, can be considered solved.
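
The redirect chain discussed in this thread, as an added example that is not part of the original posts: it labels each hop of a redirect trace and reports whether the loop is an HTTP/HTTPS flip-flop. The hop list is constructed sample data, the function names are hypothetical, and treating a 307 on a plain-HTTP request as the browser's own HSTS redirect is an assumption taken from the reply above.

```python
from urllib.parse import urljoin, urlsplit

# Constructed hop trace (not captured from the poster's site):
# (requested URL, status code, Location header)
SAMPLE_HOPS = [
    ("http://sub.domain.tld/", 301, "https://sub.domain.tld/"),
    ("https://sub.domain.tld/", 302, "http://sub.domain.tld/"),
    ("http://sub.domain.tld/", 307, "https://sub.domain.tld/"),
    ("https://sub.domain.tld/", 302, "http://sub.domain.tld/"),
]


def classify_hop(url, status, location):
    """Label one redirect as upgrade, hsts-upgrade, downgrade or other."""
    src = urlsplit(url)
    dst = urlsplit(urljoin(url, location))  # Location may be relative
    same_resource = (src.hostname, src.path or "/", src.query) == (
        dst.hostname, dst.path or "/", dst.query)
    if not same_resource:
        return "other"
    if (src.scheme, dst.scheme) == ("http", "https"):
        # Assumption: a 307 on a plain-HTTP request is the browser's own
        # HSTS redirect, as described for Chrome in the thread.
        return "hsts-upgrade" if status == 307 else "upgrade"
    if (src.scheme, dst.scheme) == ("https", "http"):
        return "downgrade"
    return "other"


def diagnose(hops):
    """Return (is_loop, hop labels, one-line finding) for a redirect trace."""
    labels = [classify_hop(*hop) for hop in hops]
    requested = [url for url, _, _ in hops]
    is_loop = len(set(requested)) < len(requested)
    if is_loop and "downgrade" in labels:
        finding = ("scheme flip-flop: something behind TLS redirects back to "
                   "http://, check the application's HTTPS/site URL setting")
    elif is_loop:
        finding = "loop without a scheme downgrade: check rewrite rules"
    else:
        finding = "no loop in this trace"
    return is_loop, labels, finding


if __name__ == "__main__":
    loop, labels, finding = diagnose(SAMPLE_HOPS)
    print(loop, labels)
    print(finding)
```
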