Cloudflare redirects to https then back to http

jayharris · February 17, 2020, 10:01pm

Can anyone please help me with requests to my site being caught in an infinite redirect loop? As far as I can tell, my SSL/TLS encryption mode is off. Under my DNS settings, I am redirecting to one of Heroku’s servers, but I don’t (think I) have SSL set up there. When I look at my requests in Google Chrome, my first request looks like:

and then it’s immediately followed by a request that looks the same only from https to http. (I can’t include a screenshot because I’m only allowed to put one image in a post.) I’m assuming that these redirects are coming via Cloudflare because the server field in both requests is “cloudflare”. Does anyone know how to get out of this infinite loop? Thank you very much.

Judge · February 17, 2020, 10:05pm

If a request goes through CF, it will say CF regardless. Chances are the redirect is your server itself redirecting HTTPS to HTTP; this might be done by your hosting provider if you don’t run on a dedicated server and don’t pay them for SSL, or if your software is hard-coded for http and redirects HTTPS back.

jayharris · February 17, 2020, 11:27pm

I’m not paying Heroku for SSL, so I guess that makes sense. But then how do I get Cloudflare to stop redirecting to https in that case? I have it turned off in the SSL/TLS control panel?

michael · February 17, 2020, 11:46pm

This looks like the other way around. CF redirecting to HTTP, origin forcing HTTPS?

If SSL Encryption mode is Off, Cloudflare will redirect any requests over HTTPS back to HTTP.

You don’t need a paid plan on Heroku. It’s been a long time since I used Heroku, but the documentation says you can use a *.herokuapp.com cert for nothing. So long as Heroku allows you to make requests for your custom hostname even on an invalid Certificate name, this should be fine. Not ideal, but it will work if you are unwilling to use a paid plan on Heroku that generates a real certificate automatically.

It is worth setting SSL mode to Full, and seeing if that resolves the issue.

jayharris · February 19, 2020, 1:09am

I set the SSL mode to full and now I’m getting a 525 error when I go to my site.

There’s this on Heroku’s support site, so I’m going to try generating a Cloudflare SSL certificate and then uploading to Heroku.

https://help.heroku.com/GVS2BTB5/why-am-i-getting-error-525-ssl-handshake-failed-with-cloudflare-when-using-a-herokudns-com-endpoint

system · March 18, 2020, 10:01pm

This topic was automatically closed after 30 days. New replies are no longer allowed.