SSL Too Many Redirects


I recently installed ininja on my server.

Here is my problem. I cant get Ininja use a SSL encrypted connection, certificates are ok. If I enable force https I get an too many redirects error. If I leave it of. My Browser is blocking unsecure load connections even if is set App-URL to https://(mydomain)

My Configuration

PHP 7.0
Nginx 1.34.3. self-compiled

Logfiles and so on are empty.


I’m not sure, are you using a proxy?

No I’m not

Are there any differences with the use of ‘www’ in the links.

It could be related to the webserver configuration, maybe try using Apache?

Actually it is an subdomain like ininja.***.com atm https is disabled, but If i redirect all traffic (via NGINX) I get this error - if I switch https on (config in nginx) all css und js files are unloadable.

Are you using a wildcard certificate? You may want to try running it in a sub-folder.

I am using a certificate from letsencrypt. Thats the Domain

Thx for the help

Is the subdomain specified in the certificate?

Not sure what else to suggest other than to try Apache.

Actually thats odd…

It worked on Debian with Nginx and now wont work - any other suggestions? The certificate is specially issued on


Sorry, I’m out of ideas.

So maybe this can give you a hint - I made new certificates set my Domain to https in the .env File. I get the following error (no js and css is loading)

I’m seeing a 500 error, you’d want to check the logs for details.

Again after a fresh install I get the following error:

[Warning] [blocked] The page at was not allowed to run insecure content from

-> even before I did anything

What is APP_URL set to in the .env file?

Maybe this will help:

For everyone having the Same problems as me -

under location .php you need to add
fastcgi_param HTTPS on;


1 Like

Thanks for sharing your solution!

Not having the same issue but for future reference where is location.php? Thanks.

P.S. you might want to add to your .htaccess

Header set Strict-Transport-Security: “max-age=31536000 ; includeSubDomains ;” env=HTTPS

That’ll redirect all traffic to https and also tell browsers to remember to only visit https.

This did the trick for me running invoice ninja with nginx and behind a reverse proxy (also nginx).