cancel
Showing results for 
Search instead for 
Did you mean: 

Can not get admin working on dedicated domain and dedicated admin server

Can not get admin working on dedicated domain and dedicated admin server

Hi,

 

I've been struggling with this for a number of days. I have a staging/dev site setup on AWS with the following architecture:

Main Store Site

 

(HTTPS/HTTP)AWS ELB -------> Varnish (dedicated server) -----> NGINX (dedicated server) -----> PHPFPM (dedicated server). 

Admin site

(HTTPS/HTTP)AWS ELB -------> Varnish (dedicated server) -----> NGINX (dedicated server) -----> PHPFPM (dedicated server). 

 

I have SSL offload working for the site using the HTTPS=on fastcgi_param and setting the Offloader header to X-Forwarded-Proto and the admin is accessible by going to the  main store site like so https://dev.example.com/admin_dev.

 

However we are trying to split the admin so it would work from admin-dev.example.com/admin_dev. This url resolves to a dedicated set of admin servers which have an identical code base to the store site.  We have tried setting the following:

 

Screen Shot 2017-03-24 at 13.41.55.pngWe thought this would work however we end up in an infinite redirect loop where it seems to be redirecting to itself. We aren't really sure what to change at the moment. 

 

We are using the following nginx configuration:

 

map $http_x_forwarded_proto $fastcgi_https {
    default $https;
    https on;
}
server {
    listen 80;
### Temporarily in place to catch all hosts
    server_name admin-dev.example.com;   
    client_max_body_size 50M;
    set $MAGE_ROOT /usr/share/nginx/html;
    set $MAGE_MODE APP_MAGE_MODE;

    access_log syslog:server=SYSLOG:SYSPORT1,facility=local7,tag=nginx,severity=info combined;
    error_log syslog:server=SYSLOG:SYSPORT2,facility=local7,tag=nginx,severity=error;
  #root $MAGE_ROOT;
    index index.php;
    autoindex off;
    charset UTF-8;

    error_page   500 502 503 504  /503.php;
    location = /503.php {
    root   /usr/share/nginx/html/pub/errors;
    fastcgi_pass   fastcgi_backend;

    fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
    fastcgi_param  PHP_VALUE "memory_limit=768M \n max_execution_time=600";
    fastcgi_read_timeout 600s;
    fastcgi_connect_timeout 600s;

    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    include        fastcgi_params;


    }

    error_page   404 403 410 405 /404.html;
    location = /404.html {
    root  html;
    index   404.html
    rewrite ^ $scheme://SITEURL/no-route/ permanent;
    }



    location ~ ^/vendor {
          return 404;
     }


    # PHP entry point for setup application
    location ~* ^/setup($|/) {
        root $MAGE_ROOT;
        location ~ ^/setup/index.php {
            fastcgi_pass   fastcgi_backend;

            fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
            fastcgi_param  PHP_VALUE "memory_limit=8192M \n max_execution_time=600";
            fastcgi_read_timeout 600s;
            fastcgi_connect_timeout 600s;

            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }

        location ~ ^/setup/(?!pub/). {
            deny all;
        }

        location ~ ^/setup/pub/ {
            add_header X-Frame-Options "SAMEORIGIN";
        }
    }

    # PHP entry point for update application
    location ~* ^/update($|/) {
        root $MAGE_ROOT;

        location ~ ^/update/index.php {
            fastcgi_split_path_info ^(/update/index.php)(/.+)$;
            fastcgi_pass   fastcgi_backend;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  PATH_INFO        $fastcgi_path_info;
            include        fastcgi_params;
        }

        # Deny everything but index.php
        location ~ ^/update/(?!pub/). {
            deny all;
        }

        location ~ ^/update/pub/ {
            add_header X-Frame-Options "SAMEORIGIN";
        }
    }

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location /pub/ {
        location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
            deny all;
        }
        alias $MAGE_ROOT/pub/;
        add_header X-Frame-Options "SAMEORIGIN";
    }

    location /static/ {
        # Uncomment the following line in production mode
        # expires max;

        # Remove signature of the static files that is used to overcome the browser cache
        location ~ ^/static/version {
            rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last;
        }

        location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
            add_header Cache-Control "public";
            add_header X-Frame-Options "SAMEORIGIN";
            expires +1y;

            if (!-f $request_filename) {
                rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
            }
        }
        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
            add_header Cache-Control "no-store";
            add_header X-Frame-Options "SAMEORIGIN";
            expires    off;

            if (!-f $request_filename) {
               rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
            }
        }
        if (!-f $request_filename) {
            rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
        }
        add_header X-Frame-Options "SAMEORIGIN";
    }

    location /media/ {
        try_files $uri $uri/ /get.php$is_args$args;

        location ~ ^/media/theme_customization/.*\.xml {
            deny all;
        }

        location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
            add_header Cache-Control "public";
            add_header X-Frame-Options "SAMEORIGIN";
            expires +1y;
            try_files $uri $uri/ /get.php$is_args$args;
        }
        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
            add_header Cache-Control "no-store";
            add_header X-Frame-Options "SAMEORIGIN";
            expires    off;
            try_files $uri $uri/ /get.php$is_args$args;
        }
        add_header X-Frame-Options "SAMEORIGIN";
    }

    location /media/customer/ {
        deny all;
    }

    location /media/downloadable/ {
        deny all;
    }

    location /media/import/ {
        deny all;
    }

    # PHP entry point for main application
    location ~ (index|get|static|report|404|503)\.php$ {
        try_files $uri =404;
        fastcgi_param MAGE_MODE "APP_MAGE_MODE";
        fastcgi_param HTTPS $fastcgi_https;
        fastcgi_pass   fastcgi_backend;
        fastcgi_buffer_size 512k;
        fastcgi_buffers 1024 4k;
        fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
        fastcgi_param  PHP_VALUE "memory_limit=8192M \n max_execution_time=18000";
        fastcgi_read_timeout 900s;
        fastcgi_connect_timeout 600s;
        fastcgi_intercept_errors on;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    gzip on;
    gzip_disable "msie6";

    gzip_comp_level 6;
    gzip_min_length 1100;
    gzip_buffers 16 8k;
    gzip_proxied any;
    gzip_types
        text/plain
        text/css
        text/js
        text/xml
        text/javascript
        application/javascript
        application/x-javascript
        application/json
        application/xml
        application/xml+rss
        image/svg+xml;
    gzip_vary on;

    # Banned locations (only reached if the earlier PHP entry point regexes don't match)
location ~* (\.php$|\.htaccess$|\.git|composer.json|composer.lock|auth.json) {
    deny all;
}
}