Why am I getting infinite redirect loop with force_ssl in my Rails app?


You're not forwarding any information about whether this request was an HTTPS-terminated request or not. Normally, in a server, the "ssl on;" directive will set these headers, but you're using a combined block.

Rack (and force_ssl) determines SSL by:

  • If the request came in on port 443 (this is likely not being passed back to Unicorn from nginx)
  • If ENV['HTTPS'] == "on"
  • If the X-Forwarded-Proto header == "HTTPS"

See the force_ssl source for the full story.

Since you're using a combined block, you want to use the third form. Try:

proxy_set_header X-Forwarded-Proto $scheme;

in your server or location block per the nginx documentation.

This will set the header to "http" when you come in on a port 80 request, and set it to "https" when you come in on a 443 request.


Try setting this directive in your nginx location @unicorn block:

proxy_set_header X-Forwarded-Proto https;

I had this same issue, and investigating the Rack middleware handler (not force_ssl but similar), I could see that it was expecting that header to be set to determine if the request was already processed as being SSL by nginx.
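
The redirect loop and both suggested header settings, as an added example that is not part of the original answers and is not Rack's or Rails' own code. It is a simplified model of the three checks listed in the first answer; the backend port 8080, the host example.test and the helper names are constructed assumptions.

```ruby
# Simplified model of the three checks listed in the first answer (not Rack's source).
def ssl_request?(env)
  env["SERVER_PORT"].to_s == "443" ||
    env["HTTPS"] == "on" ||
    env["HTTP_X_FORWARDED_PROTO"].to_s.downcase == "https"
end

# Stand-in for force_ssl: redirect to https unless the request already looks secure.
def force_ssl_app(env)
  return [200, {}, ["ok"]] if ssl_request?(env)
  [301, { "Location" => "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}" }, []]
end

# Stand-in for the nginx combined block proxying to Unicorn over plain HTTP.
# header_policy models the proxy_set_header line:
#   :none (no header), :scheme ($scheme), :https (literal "https").
def proxy(client_scheme, header_policy)
  # Constructed backend env: the app never sees port 443 or HTTPS=on itself.
  env = { "SERVER_PORT" => "8080", "HTTP_HOST" => "example.test", "PATH_INFO" => "/" }
  case header_policy
  when :scheme then env["HTTP_X_FORWARDED_PROTO"] = client_scheme
  when :https  then env["HTTP_X_FORWARDED_PROTO"] = "https"
  end
  force_ssl_app(env)
end

# Follow redirects as a browser would; returns [final_status, redirects_followed].
def browse(start_scheme, header_policy, max_hops = 5)
  scheme = start_scheme
  hops = 0
  loop do
    status, headers = proxy(scheme, header_policy)
    return [status, hops] unless status == 301
    return [:loop, hops] if hops >= max_hops
    scheme = headers["Location"][/\A[a-z]+/] # scheme of the redirect target
    hops += 1
  end
end

# A client that starts on plain http, under each header policy.
RESULTS = {
  none:   browse("http", :none),   # header missing: redirected forever
  scheme: browse("http", :scheme), # one redirect to https, then served
  https:  browse("http", :https)   # served over plain http, never upgraded
}
RESULTS.each { |policy, result| puts "#{policy}: #{result.inspect}" }
```

With the literal `https` value in a block that also listens on port 80, the model serves the plain HTTP request with no redirect, so that form belongs only in a location that receives TLS traffic exclusively.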