DNS Proxy TURN-ON, redirects to wrong domain

I have several domains on one DigitalOcean droplet (Ubuntu 20.04). Each domain has a Let’s Encrypt SSL certificate, and it works great with DigitalOcean DNS.

I tried to move one domain to Cloudflare DNS, and my domain starts redirecting to my second domain if the Cloudflare DNS Proxy is ON. If I turn OFF the Cloudflare DNS Proxy, it works great.

I found several cases where you need to add entries to /etc/host like this.

SERVER_IP my-first-domainDOTcom
SERVER_IP my-second-domainDOTcom

But I got the same redirect to the second domain. How should I set up my DigitalOcean droplet to go to the right host, or do I need to set something up on the Cloudflare side?

Did you check all redirection related rules on Cloudflare? If there’s nothing configured, this redirect will be sent (in one way or another) by your server and you’d need to verify your server configuration.

Also, you say it works fine when it’s not proxied, but it does not work fine when you override the DNS resolution. These are somewhat contradicting statements. Check that you have the correct IP address configured everywhere.

What’s the domain?

I can verify the redirect, however that is still sent by your server. Check your server configuration and verify that you do not have any particular configurations for Cloudflare IP addresses.

The connection status proves that this redirect is sent by the origin.

Considering that nobody here knows your server setup, it’s impossible to say what exactly sends that.

I get the same redirect whether through the proxy or direct to the origin. Is this correct?

curl -I https://popshift.news/
HTTP/2 301
date: Sat, 25 Nov 2023 08:33:24 GMT
content-type: text/html
location: https://git.logic.cool/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yxq4Z7%2B1GXOfk8c49ruj2txUj2oYhCzTZsNPy9P514kR%2ByqOAyU6CxQ8v2yrvO5b4%2BkyBtkBVSxwA8SBeGEvH01Q%2BA5i0Lv0WMqIfvf5uPySSbBBG%2B%2BRCznIZa30Usod%2FxCPKl4nVn0atFQs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82b88bf24a5ddcb7-LHR
alt-svc: h3=":443"; ma=86400

telnet 143.244.146.176 80
Trying 143.244.146.176...
Connected to 143.244.146.176.
Escape character is '^]'.
GET / HTTP/1.1
Host: popshift.news

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 25 Nov 2023 08:38:42 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://git.logic.cool/
Cf-Team: 1ca73aa32f0000dcb7b4095400000001

Do you happen to have the insecure Flexible encryption mode configured? If so, then that explains the redirect, as your server redirects HTTP requests.

Always make sure to use Full Strict. Not only is this the only way to have a secure site, but it will also fix your issue.

I don’t understand what I need to do, or why my server doesn’t understand which host was requested and gets the default for the IP, but if I TURN OFF the proxy, it works correctly.

Did you check your encryption mode? You need Full Strict.

The HTTP to HTTPS redirect was disabled for my domain. I moved it to the CLOUDFLARE part.
My server is set up on NGINX. What do I need to do, and where can I read about it?

Where do I need to check the encryption mode? Sorry for the stupid question.

https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls

Then go by what was mentioned in the previous responses.

I set it to Full, because I have a self-signed certificate.

Looks like it’s working! Thanks for your advice and patience.

As already mentioned you should not use Full. Only Full Strict. If you have an insecure certificate, you need to fix that.

Plus, you seem to have a valid certificate anyhow.

I have a valid certificate on my server from Let’s Encrypt

Never use anything other than Full Strict. All other modes are legacy modes which provide no proper encryption.

:raised_hands: ok thanks
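
The following is an added example, not part of the original thread: a small Python model of how nginx picks a server block for exact names, showing why a request that reaches the origin on port 80 (Flexible mode) can be answered by another domain's redirect while the same request on port 443 (Full / Full Strict) reaches the right site. The server blocks are constructed assumptions, since the poster's real nginx configuration is not shown; wildcard and regex server names are left out.

```python
from dataclasses import dataclass

@dataclass
class ServerBlock:
    port: int              # listen port
    names: tuple           # exact server_name values
    action: str            # what the block answers with
    default: bool = False  # models "listen ... default_server"

# Constructed layout (assumption): the first domain only has a 443 block
# because its HTTP->HTTPS redirect was removed; the second domain still
# redirects plain HTTP.
BLOCKS = [
    ServerBlock(80, ("git.logic.cool",), "301 https://git.logic.cool/"),
    ServerBlock(443, ("git.logic.cool",), "200 git.logic.cool site"),
    ServerBlock(443, ("popshift.news",), "200 popshift.news site"),
]

# Port Cloudflare uses towards the origin in each encryption mode.
ORIGIN_PORT = {"flexible": 80, "full": 443, "full_strict": 443}

def select_server(blocks, port, host):
    """Exact server_name match on the same listen port, else the block
    marked default_server, else the first block defined for that port."""
    candidates = [b for b in blocks if b.port == port]
    if not candidates:
        return None  # nothing listens on that port
    host = host.split(":")[0].lower().rstrip(".")
    for b in candidates:
        if host in b.names:
            return b
    for b in candidates:
        if b.default:
            return b
    return candidates[0]

def origin_response(blocks, mode, host):
    block = select_server(blocks, ORIGIN_PORT[mode], host)
    return block.action if block else "connection refused"

def with_catch_all(blocks):
    """Add an explicit default on port 80 that closes unknown-host requests
    (nginx "return 444") instead of serving another site's redirect."""
    return [ServerBlock(80, ("_",), "444 connection closed", default=True)] + blocks

if __name__ == "__main__":
    for mode in ORIGIN_PORT:
        print(mode, "->", origin_response(BLOCKS, mode, "popshift.news"))
```

With an explicit catch-all default, a misrouted plain-HTTP request fails visibly instead of being redirected to a different domain.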