Cloudflare is redirecting https to http to my server, I'm doing vice versa, hence infinite loop error

bug

#1

When I do
curl -v --resolve www.domain.com:443:ip https://www.domain.com
I get the proper response from Django.
When I do
curl -v --resolve www.domain.com:443:ip http://www.domain.com
I get proper redirection.
When I do either of
curl http[s]://glassacademy.ir
I get redirection, which is wrong. I think CF is redirecting my https to http.


#3

It’s not Cloudflare. Your server is configured to redirect everything to HTTPS, but since in your Cloudflare settings you set the connection mode to Flexible, Cloudflare connects via HTTP to the origin getting the 301 redirect each time.

Two solutions:

  1. if the server has HTTPS configured (possibly with a valid certificate) set the SSL setting in the Crypto tab to Full (Strict), Full if the cert is not valid. This is the preferred method.
  2. remove the redirect server-side, handle it via Cloudflare as it is already doing apparently as well. This could and should be done regardless probably.
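
The loop described in this reply, and the effect of each of the two fixes, as an added example that is not part of the original thread. It is a toy model rather than Cloudflare or nginx code: the host name, the function names and the `edge_redirect` parameter are assumptions made for the illustration.

```python
# Toy model of visitor -> Cloudflare edge -> origin (constructed for illustration).
from urllib.parse import urlsplit

HOST = "www.example.test"  # constructed placeholder host


def origin(scheme_seen, path, redirect_http):
    """Origin server. scheme_seen is how the request reached the origin,
    which is not necessarily the scheme the visitor used."""
    if redirect_http and scheme_seen == "http":
        return 301, f"https://{HOST}{path}"  # unconditional HTTP->HTTPS redirect
    return 200, None


def edge(url, ssl_mode, redirect_http, edge_redirect=False):
    """Edge proxy. edge_redirect (hypothetical name) models doing the
    HTTP->HTTPS redirect at the edge instead of on the origin."""
    parts = urlsplit(url)
    path = parts.path or "/"
    if edge_redirect and parts.scheme == "http":
        return 301, f"https://{HOST}{path}"
    if ssl_mode == "flexible":
        to_origin = "http"        # Flexible: always plain HTTP to the origin
    elif ssl_mode == "full":
        to_origin = parts.scheme  # Full: same scheme the visitor used
    else:
        raise ValueError(f"unknown ssl_mode: {ssl_mode}")
    return origin(to_origin, path, redirect_http)


def fetch(url, ssl_mode, redirect_http, edge_redirect=False, max_hops=10):
    """Follow redirects like a browser; return (outcome, hops, final_url)."""
    seen = set()
    for hops in range(max_hops):
        if url in seen:
            return "loop", hops, url  # same URL requested twice
        seen.add(url)
        status, location = edge(url, ssl_mode, redirect_http, edge_redirect)
        if status == 200:
            return "ok", hops, url
        url = location
    return "too_many_redirects", max_hops, url


if __name__ == "__main__":
    start = f"http://{HOST}/"
    print("flexible + origin redirect:", fetch(start, "flexible", True))
    print("full + origin redirect:    ", fetch(start, "full", True))
    print("flexible + edge redirect:  ", fetch(start, "flexible", False, True))
```

In the first case the origin only ever sees HTTP, so its redirect to HTTPS can never be satisfied, whichever scheme the visitor starts with.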

#4

I have redirected http to https with nginx, but when I open my domain I get infinite redirects. I believe CF is redirecting https to http :expressionless:


#6

glassacademy.ir


#7

That problem was fixed then, but today I sent POST requests to my website and got an nginx 404 error back from CF, so I just got sick of CF and tried to change my DNS to something else. But then I thought, let’s just disable CDN from CF, maybe it will get fixed, and again I have the https redirection problem.


#8

From what I can tell it is still the same issue as the one addressed by @matteo. Your HTTPS requests are redirected to HTTPS, most likely because they hit your server as HTTP.


#9

Yes, and that is because CF is sending the https requests into http requests.


#10

And that is precisely what @matteo addressed 27 hours ago.


#11

But I have set it to strict (full)


#12

Can you post a screenshot of that, as well as one of your page rules?


#13

You do not have any Page Rules yet. Click ‘Create Page Rule’ above to get started.


#14

In that case it might be the Nginx configuration you referred to. Maybe you are redirecting to HTTPS, regardless of the way the request arrives. Remove that redirect and try again.


#15

I have made no changes to my nginx config.


#16

And this?


#17

I had done that yesterday already and it was working.


#18

If you feel comfortable enough revealing your IP address you could do so and someone could have a look at it. Alternatively you could also run a check of your IP address at sitemeer.com and tell me at what time you ran it and I could dig it out of the log.


#20

Yep, as I suspected, that redirect comes straight from your server.


#22

It actually does

< HTTP/1.1 301 Moved Permanently
* Server nginx is not blacklisted
< Server: nginx
< Date: Tue, 12 Feb 2019 17:07:03 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Location: https://www.glassacademy.ir/
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
< X-Frame-Options: DENY
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block

#23

but I haven’t misconfigured anything ;(((
Here is my nginx.conf: https://termbin.com/6jsn
Here is my sites-enabled (single file in directory): https://termbin.com/bnfc
Here is my django settings.py: https://termbin.com/c6ng


#24

Well, I don’t know what else to respond. Your server sends an unconditional redirect. Where that happens is something you need to check in your configuration. Cloudflare is not involved, however.