Help with SSL Redirect

sfnum8 · 2017-08-13 21:11:17 UTC

0
down vote
favorite

I currently have my Online Store as a Sub-Domain of my main site hosted via 1and1 and abput 2 weeks ago we converted to https with the “wildcard” ssl certificate, but we cannot get the redirects to work with the CloudFlare CDN. This is the CDN that is purchased through the host. I have worked with 1and1 Support, but we have not found a resolution. I was hoping someone on the Cloudflare end may be able to help with the solution.

The .htaccess re-direct code below is currently working when I bypass Cloudflare. Any ideas what if this should work with Cloudflare or what I would need to change it to in order for it to work.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://mysite.com/$1 [R,L]

Thanks

sdayman · 2017-08-13 21:39:40 UTC

I don’t use HTTPS rewrite in .htaccess. From Cloudflare’s Crypto Page for my domain, I turn on Always Use HTTPS. While you’re on that page, make sure the very top option has SSL enabled for your domain and its Status is Active.

And just to be sure, your subdomain is pointing to a Cloudflare IP address, correct?

sfnum8 · 2017-08-13 22:01:10 UTC

I am trying to use CloudFlare Plus through my 1and1 account. I don’t actually have a Cloudflare account, as 1and1 is supposed to handle everything.
I don’t recall ever seeing the option of “Always use Https”. They say this option is not available through their control panel.

Not 100% sure on your second question, but the main site doesn’t redirect either.

I’m just wondering if the redirect code they gave could be changed to work with CloudFlare.

Here is the original one
RewriteEngine On
RewriteCond %{HTTP_HOST} ^mysite.com [NC]
RewriteRule ^(.*)$ https://www.mysite.com [L,R=301]

sdayman · 2017-08-13 22:23:01 UTC

Without Cloudflare panel insight to your setup, here’s one theory:

Cloudflare is hitting your site on Port 80. This would be in Flexible SSL mode where Cloudflare presents your site in HTTPS, but pulls your data via HTTP.

When a visitor hits Cloudflare, they see HTTPS, but your web server sees HTTP thanks to Flexible mode. So your server says “Try again using HTTPS” and the cycle repeats.

What problem/error code are you seeing right now?
Do you have any control over SSL mode?

sfnum8 · 2017-08-13 22:49:36 UTC

As of the past couple weeks, I have just bypassed Cloudflare and have just been using the host’s servers.
I don’t recall the exact error, but it said something along the lines of not being able to verify or connect to the https version of the site. THIS WAS ONLY ON A REDIRECT! If I typed the url in the address bar with https:// it would connect with the SSL just fine.

I only tried it with this code
RewriteEngine On
RewriteCond %{HTTP_HOST} ^mysite.com [NC]
RewriteRule ^(.*)$ https://www.mysite.com [L,R=301]

I switched to the Port 80 code when I turned cloudflare off.
Following the syntax of the redirect code is a little above my knowledge level. But since the SSL worked fine when typing https in directly, it seems to me that we may just need to figure out the correct redirect code.

From what I can see, I can choose Flexible or Full and I’m not sure which one we had picked.

sdayman · 2017-08-13 22:54:12 UTC

Make sure you’re using Full. That should stop the redirect loop.

You’re saying SSL worked fine when typing in HTTPS directly. Was this when Cloudflare was enabled?

sfnum8 · 2017-08-13 23:26:04 UTC

Yes, If I am not mistaken, this was when CloudFlare was enabled.

sdayman · 2017-08-13 23:58:16 UTC

You seem to be switching back and forth between HTTP_HOST and SERVER_PORT. I’ve had better luck with the SERVER_PORT redirect with Full (Strict). What are you using right now?

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]

sfnum8 · 2017-08-14 00:25:30 UTC

RIght now I am using 80, but I am not on Cloudflare.

When we first set this up with CloudFlare, I was using the http_host, but since it wasn’t working, I bypassed Cloudflare and the port 80 was the code they recommended, which works perfectly fine.
I’ll have to play around with some different options.

I’m starting to wonder if the “Wildcard” Certificate will even work correctly with this 1and1/Cloudflare setup.

sdayman · 2017-08-14 00:56:41 UTC

The Wildcard is for the public-facing side of Cloudflare. It just saves them the effort of adding certs for primary subdomains. Root, the www, and sub1, sub2, sub3, etc., are ready to go as you need them. It’s Cloudflare’s back end connecting to your server that’s throwing a wrench into your setup.

sateesh · 2017-10-13 07:44:37 UTC

Hi,
I am also facing the same issue. I have bought SSL certificate " GeoTrust Certificate" from 1and1 and configured the certificate in my nginx server also. Till this point our site works perfectly fine.
But after the integration with Cloudflare, I see our website UI is getting distorted and unable to make calls to our API’s .

Any help ?

xXanony · 2018-02-16 21:05:47 UTC

Not sure if this has been answered so I won’t start a new thread.
I have a http server not https.
It’s not port 80, it’s a higher port on nginx.

My question:

Can I set up flexible ssl on Cloudflare so that the user can see standard https port 443, whilst still maintaining the existing port configuration?

sdayman · 2018-02-17 00:54:34 UTC

I don’t believe Cloudflare can remap ports. It’s more of a pass-through proxy. There is “Proxy Anything” in Beta testing, but it’s not currently flexible enough map the ports you listed.

Here are the pass-through ports: