After 10/18 upgrade (virtualmin, webmin), new virtual host *always* gets ERR_TOO_MANY_REDIRECTS

I wish I could give much in the way of detail.

Yesterday late evening (10/18), Virtualmin told me there were 2 updates to install (virtualmin / webmin related, not OS).

I've never had any problems before with updates, so I just did the update as recommended.... nothing seemed amiss... a little while later, went to bed.

A little while ago, I added a domain, and the website creation process went as usual (to my unsophisticated eye)... except, when I surfed to MyNewDomain.com suddenly my browsers (plural) refused to connect.

"MyNewDomain.com(N) redirected you too many times" Try clearing your cookies. ERR_TOO_MANY_REDIRECTS

I get this same problem on ALL of my browsers, and yes, I've cleared cookies. (Even rebooted my laptop.)

I had successfully created another domain "MyNewDomain.com(N-1)" and restored a site into it yesterday afternoon, some time -before- seeing the "update" instruction from Virtualmin ... so that's the only thing I can think of that's connected to whatever has caused the problem I'm now experiencing.

I can't even remember "what" exactly was updated. I just remember that it was 2 virtualmin / webmin modules. (I wasn't paying close attention since it was quite late, and I certainly wasn't expecting any problems to arise...)

I compared the sections of "MyNewDomain.com(N-1)" and "MyNewDomain.com(N)" (from /etc/httpd/conf/http.conf) and cannot see any notable difference (other than obviously the domains, and account names). Arrgh!

How can I find out what was just updated yesterday, and back out those updates to their N-1 revs? (If nothing else, to confirm / deny that the issue traces to them.)

My current site installs all work fine (same browsers) so I'm fairly confident that it the issue is NOT related to my laptop / client browsers; it's server side, but in a really bizarre way.

Here are the relevant VirtualHost sections as created by Virtualmin (identifiers changed but obvious)... there's a slight difference:

php_value memory_limit 32M IPCCommTimeout 41

but I edited / restarted httpd.conf to add back those directives into the non-working virtualhost -- still doesn't work.

VirtualHost config sections pasted below...

vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv   WORKING VirtualHost   vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
<VirtualHost SERVER_IP_ADDRESS:80>
SuexecUserGroup "#1018" "#1018"
ServerName DOMAIN_WORKING
ServerAlias www.DOMAIN_WORKING
ServerAlias mail.DOMAIN_WORKING
ServerAlias webmail.DOMAIN_WORKING
ServerAlias admin.DOMAIN_WORKING
DocumentRoot /home/ACCOUNTNAME/public_html
ErrorLog /var/log/virtualmin/DOMAIN_WORKING_error_log
CustomLog /var/log/virtualmin/DOMAIN_WORKING_access_log combined
ScriptAlias /cgi-bin/ /home/ACCOUNTNAME/cgi-bin/
ScriptAlias /awstats/ /home/ACCOUNTNAME/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/ACCOUNTNAME/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
RemoveHandler .php7.2
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
RedirectMatch ^/(?!.well-known)(.*)$ https://DOMAIN_WORKING/$1
<Files awstats.pl>
AuthName "DOMAIN_WORKING statistics"
AuthType Basic
AuthUserFile /home/ACCOUNTNAME/.awstats-htpasswd
require valid-user
</Files>
Alias /dav /home/ACCOUNTNAME/public_html
<Location /dav>
DAV on
AuthType Basic
AuthName "DOMAIN_WORKING"
AuthUserFile /home/ACCOUNTNAME/etc/dav.digest.passwd
Require valid-user
ForceType text/plain
Satisfy All
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php7.2
RewriteEngine off
</Location>
php_value memory_limit 32M
IPCCommTimeout 41
</VirtualHost>
<VirtualHost SERVER_IP_ADDRESS:443>
SuexecUserGroup "#1018" "#1018"
ServerName DOMAIN_WORKING
ServerAlias www.DOMAIN_WORKING
ServerAlias mail.DOMAIN_WORKING
ServerAlias webmail.DOMAIN_WORKING
ServerAlias admin.DOMAIN_WORKING
DocumentRoot /home/ACCOUNTNAME/public_html
ErrorLog /var/log/virtualmin/DOMAIN_WORKING_error_log
CustomLog /var/log/virtualmin/DOMAIN_WORKING_access_log combined
ScriptAlias /cgi-bin/ /home/ACCOUNTNAME/cgi-bin/
ScriptAlias /awstats/ /home/ACCOUNTNAME/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/ACCOUNTNAME/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
AddHandler fcgid-script .php7.2
FCGIWrapper /home/ACCOUNTNAME/fcgi-bin/php7.2.fcgi .php
FCGIWrapper /home/ACCOUNTNAME/fcgi-bin/php5.fcgi .php5
FCGIWrapper /home/ACCOUNTNAME/fcgi-bin/php7.2.fcgi .php7.2
</Directory>
<Directory /home/ACCOUNTNAME/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.DOMAIN_WORKING
RewriteRule ^(.*) https://DOMAIN_WORKING:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.DOMAIN_WORKING
RewriteRule ^(.*) https://DOMAIN_WORKING:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php7.2
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
SSLEngine on
SSLCertificateFile /home/ACCOUNTNAME/ssl.cert
SSLCertificateKeyFile /home/ACCOUNTNAME/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
<Files awstats.pl>
AuthName "DOMAIN_WORKING statistics"
AuthType Basic
AuthUserFile /home/ACCOUNTNAME/.awstats-htpasswd
require valid-user
</Files>
Alias /dav /home/ACCOUNTNAME/public_html
<Location /dav>
DAV on
AuthType Basic
AuthName "DOMAIN_WORKING"
AuthUserFile /home/ACCOUNTNAME/etc/dav.digest.passwd
Require valid-user
ForceType text/plain
Satisfy All
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php7.2
RewriteEngine off
</Location>
SSLCACertificateFile /home/ACCOUNTNAME/ssl.ca
php_value memory_limit 32M
IPCCommTimeout 41
</VirtualHost>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^   WORKING VirtualHost   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv   NON-WORKING VirtualHost   vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
<VirtualHost SERVER_IP_ADDRESS:80>
SuexecUserGroup "#1022" "#1022"
ServerName DOMAIN_NOT_WORKING
ServerAlias www.DOMAIN_NOT_WORKING
ServerAlias mail.DOMAIN_NOT_WORKING
ServerAlias webmail.DOMAIN_NOT_WORKING
ServerAlias admin.DOMAIN_NOT_WORKING
DocumentRoot /home/ACCOUNTNAME/public_html
ErrorLog /var/log/virtualmin/DOMAIN_NOT_WORKING_error_log
CustomLog /var/log/virtualmin/DOMAIN_NOT_WORKING_access_log combined
ScriptAlias /cgi-bin/ /home/ACCOUNTNAME/cgi-bin/
ScriptAlias /awstats/ /home/ACCOUNTNAME/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/ACCOUNTNAME/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
AddHandler fcgid-script .php7.2
FCGIWrapper /home/ACCOUNTNAME/fcgi-bin/php7.2.fcgi .php
FCGIWrapper /home/ACCOUNTNAME/fcgi-bin/php5.fcgi .php5
FCGIWrapper /home/ACCOUNTNAME/fcgi-bin/php7.2.fcgi .php7.2
</Directory>
<Directory /home/ACCOUNTNAME/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.DOMAIN_NOT_WORKING
RewriteRule ^(.*) https://DOMAIN_NOT_WORKING:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.DOMAIN_NOT_WORKING
RewriteRule ^(.*) https://DOMAIN_NOT_WORKING:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php7.2
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
RedirectMatch ^/(?!.well-known)(.*)$ https://DOMAIN_NOT_WORKING/$1
<Files awstats.pl>
AuthName "DOMAIN_NOT_WORKING statistics"
AuthType Basic
AuthUserFile /home/ACCOUNTNAME/.awstats-htpasswd
require valid-user
</Files>
Alias /dav /home/ACCOUNTNAME/public_html
<Location /dav>
DAV on
AuthType Basic
AuthName "DOMAIN_NOT_WORKING"
AuthUserFile /home/ACCOUNTNAME/etc/dav.digest.passwd
Require valid-user
ForceType text/plain
Satisfy All
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php7.2
RewriteEngine off
</Location>
</VirtualHost>
<VirtualHost SERVER_IP_ADDRESS:443>
SuexecUserGroup "#1022" "#1022"
ServerName DOMAIN_NOT_WORKING
ServerAlias www.DOMAIN_NOT_WORKING
ServerAlias mail.DOMAIN_NOT_WORKING
ServerAlias webmail.DOMAIN_NOT_WORKING
ServerAlias admin.DOMAIN_NOT_WORKING
DocumentRoot /home/ACCOUNTNAME/public_html
ErrorLog /var/log/virtualmin/DOMAIN_NOT_WORKING_error_log
CustomLog /var/log/virtualmin/DOMAIN_NOT_WORKING_access_log combined
ScriptAlias /cgi-bin/ /home/ACCOUNTNAME/cgi-bin/
ScriptAlias /awstats/ /home/ACCOUNTNAME/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/ACCOUNTNAME/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
AddHandler fcgid-script .php7.2
FCGIWrapper /home/ACCOUNTNAME/fcgi-bin/php7.2.fcgi .php
FCGIWrapper /home/ACCOUNTNAME/fcgi-bin/php5.fcgi .php5
FCGIWrapper /home/ACCOUNTNAME/fcgi-bin/php7.2.fcgi .php7.2
</Directory>
<Directory /home/ACCOUNTNAME/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.DOMAIN_NOT_WORKING
RewriteRule ^(.*) https://DOMAIN_NOT_WORKING:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.DOMAIN_NOT_WORKING
RewriteRule ^(.*) https://DOMAIN_NOT_WORKING:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php7.2
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
SSLEngine on
SSLCertificateFile /home/ACCOUNTNAME/ssl.cert
SSLCertificateKeyFile /home/ACCOUNTNAME/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
<Files awstats.pl>
AuthName "DOMAIN_NOT_WORKING statistics"
AuthType Basic
AuthUserFile /home/ACCOUNTNAME/.awstats-htpasswd
require valid-user
</Files>
Alias /dav /home/ACCOUNTNAME/public_html
<Location /dav>
DAV on
AuthType Basic
AuthName "DOMAIN_NOT_WORKING"
AuthUserFile /home/ACCOUNTNAME/etc/dav.digest.passwd
Require valid-user
ForceType text/plain
Satisfy All
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php7.2
RewriteEngine off
</Location>
SSLCACertificateFile /home/ACCOUNTNAME/ssl.ca
</VirtualHost>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^   NON-WORKING VirtualHost   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Status: 
Active

Comments

NB: I'm using Cloudflare, but the problem is constant whether or not proxying is enabled. Seems clear that this is a server-side issue. D'oh! :'(

Howdy -- we're sorry that you're seeing an issue there, and I understand it began occurring around the time of the webmin/virtualmin update.

However, my suspicion is that the issue lies elsewhere.

We haven't been receiving other similar reports, and after reviewing your configs, the only redirect in the above exists in both Virtual Hosts.

My suggestion would be to try setting up a domain that points directly to your server, not using Cloudflare. I'd then setup a .html file to access, and see what happens when accessing that (possibly using a command line client like wget, as it makes it easier to follow the redirects that are occurring, and won't run into caching issues).

Already tried that. Note my specific comment:

NB: I'm using Cloudflare, but __the problem is constant whether or not proxying is enabled. __

Manually created index.html in the bare public_html directory:

<html>
<h1>Under Construction</h1>
</html>

No proxying. Gets the exact same result: ERR_TOO_MANY_REDIRECTS

The only thing that has changed in the last day on this server, is the updates from Virtualmin / Webmin.

The only way I can think of to test my hypothesis is to back out the recent updates, to see if the problem goes away.

How can I do that?

I get same problem but only when i try to make a redirect 301 from http to https :(

Another testing datapoint.

I removed / recreated the domain account from yesterday... but this time, I unchecked the "Create SSL website" option.

With same index.html, this time the browser connects; no ERR_TOO_MANY_REDIRECTS message. (Works whether using Cloudflare proxy or not.)

So, there seems to be something wonky with how Virtualmin is setting up the SSL part of the virtualhost.

Ummm ... can someone please tell me how to back out the Webmin / Virtualmin module updates from this weekend?

It's clear that a serious problem has happened. I want to back them out, to prove / disprove that they are what have caused the the SSL site redirect problem.

It can't be that hard to downgrade to rev N-1 ... right?

Sorry, I know it's frustrating, but since there isn't an obvious bug here, the best place to troubleshoot the issue is in the Forums.

If it does end up being a bug, we'll gladly help get it fixed up. But the best place for the troubleshooting process is using the Forums.

I do see your post in there, and we'll monitor that thread, and try and lend a hand where we can.

Thanks!