Nginx redirect from www to a base domain doesn't work when proxied via cloudflare

Hello,

In our nginx configuration for domain.com there’s an unconditional redirect from www. domain.#com to domain.#com:

server {
if ($host ~* www.(.)) {
set $host_without_www $1;
rewrite ^(.
)$ https://$host_without_www$1 permanent;
}

listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.3;

server_name www.domain.#com domain.#com;
}

For some reasons when the www domain is proxied by Cloudflare this redirect does not work.

We have verified that this redirect indeed works when accessing our servers directly i.e. when bypassing Cloudflare.

We have no idea how to fix this misbehavior.

Don’t mind the #s - I’ve added them because otherwise this forum software doesn’t allow me to create a new topic.

For starters, you can do that on Cloudflare as well - Redirect www.example.com to example.com

What’s the domain?

I cannot reveal the domain name publicly as I’m writing from my personal account. If you’re a Cloudflare employee there’s already ticket 2447667 open but there’s been no reply for the past 24 hours.

We’d love to avoid any shenanigans in terms of automatic redirects on the Cloudflare side.

You can post the domain temporarily but without the domain it is not possible for the community to help you.

All right, yes, a request to “www” does not get redirected, however that response comes straight from your server, so I would suggest you check the server logs.

$ curl -i https://www.[DOMAIN]
HTTP/2 200
cf-cache-status: DYNAMIC

Just like I said after disabling Cloudflare proxying, the redirect does work right away.

It looks like Cloudflare removes www. on its own and our servers see the base domain instead.

The response still comes from your server, your server might be configured to skip the redirect for Cloudflare requests.

The bottom line is, that response comes from your server and you will need to check the logs.

Considering that you seem to use the load balancer, you might even have an inconsistent configuration on those servers. Again, you best check the logs.

All of that is assuming you are not rewriting the host header on Cloudflare’s side of course. You don’t, right?

I’m checking, please wait. There’s something quite complicated here which I’m not entirely sure how it works exactly.

Sure. Should you change the host header on Cloudflare’s side, then your server will never get a “www” request.

I would still recommend to use aforementioned tutorial to send the redirect on the proxies.

Support has finally replied:

It seems like you have overridden your origin on your load balancer:

With those in place, any requests to origin will have Host: a-ads.com header.

For more information, please see: https://developers.cloudflare.com/load-balancing/additional-options/override-http-host-headers/

I’m checking it out.

Yeah, that’s what I was referring to.

I feel stupid and I’ve no idea how to disable this feature.

Should I remove Header NameHost from both origins?

Yes, that currently rewrites the host header to the naked domain.

Thanks a lot!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.