Having trouble setting up HTTP to HTTPS redirect for Tunnel

I am currently trying to set up a docker-compose system that creates a dockerized Cloudflare and nginx as well as the necessary docker networks that other docker-compose projects may need to use.

So, I have a django app running in a docker container that is accessible via test_steelbooksatbestbuy_website:8000 if I connect to the correct docker network, but I cannot seem to get it to be accessible via HTTPS.

I was able to set up an HTTP site pretty OK, but I am having trouble trying to figure out how to set up an HTTP → HTTPS redirect.

I have this nginx configuration

[email protected]:/# cat /etc/nginx/conf.d/steelsbooks.conf 
upstream steelbooks {
  server test_steelbooksatbestbuy_website:8000 fail_timeout=0;
}

server {
  listen 80;
  server_name steelbooks.getthemachine.net;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  server_name steelbooks.getthemachine.net;
  ssl_certificate /etc/letsencrypt/live/steelbooks.getthemachine.net/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/steelbooks.getthemachine.net/privkey.pem; # managed by Certbot

  location / {
    proxy_set_header        Host $host:$server_port;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_redirect http:// https://;
    proxy_pass              http://steelbooks;
    # Required for new HTTP-based CLI
    proxy_http_version 1.1;
    proxy_request_buffering off;
  }

}

with the following Cloudflare configs:

Full strict for SSL/TLS encryption mode

and HTTP://nginx:80 for the Service for the Public Hostname Page for the tunnel

But I cannot seem to get it to work.

When I try to access the page, I just end up with 20 duplicate calls to https://steelbooks.getthemachine.net and my nginx logs spit this out.

172.18.0.2 - - [01/Jul/2022:23:22:53 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:53 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:54 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:54 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:54 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:54 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:54 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:54 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:55 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:55 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:55 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:55 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:55 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:55 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:56 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:56 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:56 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:56 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:56 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:57 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"
172.18.0.2 - - [01/Jul/2022:23:22:57 +0000] "GET / HTTP/1.1" 301 169 "https://dash.teams.cloudflare.com/" "Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0" "178.249.214.20"

I can’t tell if it’s a problem with my nginx config or my Cloudflare config.

I am not sure if that is enough information. Please let me know if I need to clarify anything.

I am confused as to why you are using SSL with a Cloudflared tunnel with docker compose. Using HTTP between docker containers is fine.

That nginx access log is very weird. It seems to be trying to access Cloudflare teams dashboard, but on your server. Do you have any Access Applications configured? How are you accessing the web app via HTTP? Cloudflare should be upgrading all those requests if they are going through the Cloudflare network.

I had not set up SSL initially. I only set that up cause HTTPS was not working and some online resources suggested that would help and I was at my wit’s end :sweat_smile:

Do you have any Access Applications configured?

No. I just followed these instructions https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/, more or less.

How are you accessing the web app via HTTP?

What do you mean? I just access it via a web browser?

Cloudflare should be upgrading all those requests if they are going through the Cloudflare network.

Sorry, @Cyb3r-Jak3, I think I misunderstood your question.

I am confused as to why you are using SSL with a Cloudflared tunnel with docker compose.

I was trying to set up HTTPS for my website and certbot set up the SSL while I was running it on my nginx container.

If you are using a tunnel, then Cloudflare will handle the encryption from the user all the way to the connector on your machine. Using HTTP is fine between the Cloudflared docker container and the nginx docker container.

Cloudflare shouldn’t be allowing the HTTP requests, so I would check your DNS settings. Or are you accessing the docker container directly and not through Cloudflare?
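
The loop in the access log, and one way to remove it, as an added example that is not part of any post in this thread: the tunnel service is HTTP://nginx:80, so every request reaches the port 80 server block no matter which scheme the visitor used, and the unconditional `return 301` answers each one with another redirect. The sketch below keeps the thread's upstream and server name; it assumes cloudflared passes the visitor's original scheme in `X-Forwarded-Proto`, and the `$visitor_scheme` variable is a name made up for the example.

```nginx
# Added example, not the poster's configuration.
# Assumption: the tunnel's Public Hostname service stays http://nginx:80 and
# cloudflared forwards the visitor's scheme in the X-Forwarded-Proto header.

upstream steelbooks {
  server test_steelbooksatbestbuy_website:8000 fail_timeout=0;
}

# $visitor_scheme is a hypothetical variable name. It is "http" only when the
# forwarded header says so; anything else is treated as https.
map $http_x_forwarded_proto $visitor_scheme {
  default https;
  http    http;
}

server {
  # Plain HTTP is enough here: TLS ends at Cloudflare and the tunnel carries
  # the request to cloudflared. Do not publish this port on the host, because
  # the block trusts X-Forwarded-Proto from whoever connects to it.
  listen 80;
  server_name steelbooks.getthemachine.net;

  # Redirect only when the visitor really used http://. The original
  # "return 301 https://$host$request_uri;" fired on every tunnel request,
  # which is the repeated 301 in the access log.
  if ($visitor_scheme = http) {
    return 301 https://$host$request_uri;
  }

  location / {
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    # Pass the visitor's scheme on, not nginx's own $scheme (always "http" here).
    proxy_set_header X-Forwarded-Proto $visitor_scheme;
    proxy_http_version 1.1;
    proxy_request_buffering off;
    proxy_pass http://steelbooks;
  }
}
```

With this in place the `listen 443 ssl` block and the Certbot certificate are not needed for tunnel traffic. If Django should treat these requests as secure, its `SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")` setting reads the header set above.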
