Issue with Cloudflare and SSL

Hi, hope everyone is doing great!

I have an issue with my website (develped using php) and after several hours of “googling”, i could not manage to solve it.

I want to force the users to the https version of my site, and i was used to handle this using $_SERVER[‘https’]. When i started using Cloudflare and the ‘proxy’ option, that parameter became non-declared. I have read that X-FORWARDED-PROTO is an alternative but, even accessing the site using https://, its value is ‘http’.

So the issue is definitely with Cloudflare, what could it be? Thanks a lot in advance!

Was it forcing them by giving them a 301/302 redirect?

Cloudflare already does this in the TLS/SSL’s “Edge Certificates” section with the “Always Use HTTPS” setting. The “Automatic HTTPS Rewrites” option is handy as well.

So, what’s Your set in cloudflare SSL section, is it flexible or Full? If flexible, then You shouldn’t set https in Your side and if You’re set to full, then You’ve to have SSL in Your hosts and You can set to https.

Hey sdayman, thank you for the quick help! Sorry for not bringing all the details.

I have removed my redirections and tried using the option you suggest and it results on a redirection loop. I assume that cloudflare is trying to identify the protocol0 in the same way as i am but unsuccessfully, therefore the loop

Hi, sales61, thank you for the quick help! Sorry for not bringing all the details.

My SSL is set to Flexible and i removed the redirections on my end, using the cloudflare tools, it results on a redirect loop (more details on my previous response)

Flexible is a big pain for any setup that tries to set HTTP or HTTPS. Is there any way you can enable TLS at your server? Are you using cPanel, or something else that will let you add a certificate?

I am indeed using cPanel and it provides a certificate, but i would still like to make this work since cloudflare provides a lot of tools when proxied.

Don’t use Flexible SSL. With full end-to-end SSL, it will make your life much easier. So let cPanel install a certificate and set Cloudflare SSL/TLS to Full (Strict).

1 Like

Okay, i’m trying to make this work using the “full (strict)” feature but i’m getting an 502 error when accessing using ‘https://’. I installed a CF origin certificate on my server. What could be happening? thanks in advance again, sdayman!

در تاریخ سه‌شنبه ۵ نوامبر ۲۰۱۹،‏ ۱۹:۳۶ jreyes via Cloudflare Community [email protected] نوشت:

Guys, any update on the help?

Well i also want to do this on my new website i.e.

Please help

That domain is not using Cloudflare.