Before adding ssl_certificate, my nginx.conf is very simple:

server {
    listen 80 default_server;

    index index.php index.html index.htm;

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info  ^(.+\.php)(/.+)$;
        fastcgi_index            index.php;
        fastcgi_pass             php:9000;
        include                  fastcgi_params;
        fastcgi_read_timeout     1200s;
        fastcgi_param   PATH_INFO       $fastcgi_path_info;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

Then I followed [here](https://phoenixnap.com/kb/letsencrypt-docker) to set Up letsencrypt with Nginx (replacing [domain-name] throughout), and now my nginx.conf looks like:

server {
    listen 80 default_server;

    server_name [domain-name] www.[domain-name];
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://[domain-name]$request_uri ;
    }
}

server {
    listen 443 default_server ssl http2;
    listen [::]:443 ssl http2;

    server_name [domain-name];

    ssl_certificate /etc/nginx/ssl/live/[domain-name]/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/[domain-name]/privkey.pem;
    
    location / {
    	proxy_pass http://[domain-name] ;
    }

    index index.php index.html index.htm;

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info  ^(.+\.php)(/.+)$;
        fastcgi_index            index.php;
        fastcgi_pass             php:9000;
        include                  fastcgi_params;
        fastcgi_read_timeout     1200s;
        fastcgi_param   PATH_INFO       $fastcgi_path_info;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

See the changes here -- https://www.diffchecker.com/bAfVjewE/ , > which I think is very simple, straightforward, and reasonable. However, my php site is completely broken -- My chrome browse says it gets into endless redirect (_"redirected you too many times"_), see Notes 2. What might be the cause, and fix? Notes, 1. The adding of ssl_certificate is fine, but the endless redirect is there even when I tested with an empty site. 1. When endless redirect happens, the nginx logs kept printing nothing but ...[08/Aug/2024:15:xx:yy +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; Linux x86_64)..., even thought I've seen that the protocol on my browser has changed from http to https. If I visit it with curl, I'm getting:

$ curl -i https://my.site.name:443/ 
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 08 Aug 2024 15:42:45 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://my.site.name/ 


301 Moved Permanently

301 Moved Permanently
nginx

and the server log is:

[08/Aug/2024:15:42:45 +0000] "GET / HTTP/1.1" 301 162 "-" "curl/8.5.0" "my.ip"
[08/Aug/2024:15:42:45 +0000] "GET / HTTP/1.1" 301 162 "-" "curl/8.5.0" "-"

And the error log is empty, as this is how my ngix logging is configed:

cd /var/log/nginx/

root@5b6a9033cb31:/var/log/nginx# ls -l
total 0
lrwxrwxrwx 1 root root 11 Jul 23 07:14 access.log -> /dev/stdout
lrwxrwxrwx 1 root root 11 Jul 23 07:14 error.log -> /dev/stderr