Always Use HTTPS Doesn't Work for CF Proxied HTTPS Ports?

We have a few different web servers running on the same IP, each assigned a port from the list of CF proxied HTTPS ports (443, 2087, and 2096 to be specific).

I have Always Use HTTPS enabled in the dashboard and it works fine when I type the domain without a port on the end, but when I add the :2087 or :2096 to access the other servers it sends the request with HTTP and returns a 400 error (it works fine when I specify https manually).

The documentation says that this feature will “redirect all your visitor requests from http to https for all subdomains”. Am I crazy to think that this should include domains with ports, especially those that CF proxies for HTTPS? I get that I can just use a bulk rewrite rule, but I thought this feature was supposed to handle that.

If you don’t specify a port and request http, your browser sends the request to port 80, Cloudflare answers using http and redirects to https. Your browser then makes a request to port 443.

If you request to port 2087, that’s like requesting port 443 directly and sending it http. It can’t answer http, only https. As it can’t answer, it can’t redirect to anything.

Make the request to port 2086 (http) and you will see a redirect to https (albeit, port 443 - it’s not going to redirect to 2087 which you could consider the “pair”).

See…

2 Likes

Rather than using URLs with a port number, you could create a separate hostname for each of your server ports, and use an Origin Rule to specify the port, so for example port 2087 could be accessed as just foo.example.com with no port number specified. Then “always use HTTPS” would work as expected.

2 Likes

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.