Possible bug - HTTP redirect loop when DNS is proxied

Hi. I am getting a strange bug after I’ve attempted to configure my web server to redirect all HTTP requests to HTTPS and strip the third-level domain, “www”, from the URL.

If I switch “Proxied DNS” to “DNS only”, the problem resolves. Enabling “Development mode” does not solve the issue. I am observing the same behaviour with several domains.

Here is a rudimentary NGINX configuration:

##############################################
# example.com
##############################################

server {
    listen 443      ssl;
    listen [::]:443 ssl;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include             /etc/letsencrypt/options-ssl-nginx.conf;
    server_name         example.com;
    root                /var/www/example.com/html;
    index               index.html;
}

##############################################
# Redirect HTTP to HTTPS (both www. and no-www.)
##############################################

server {
    listen 80;
    listen [::]:80;
    return 301 https://example.com$request_uri;
    server_name www.example.com example.com;
}

##############################################
# Redirect www.example.com to example.com
##############################################

server {
    listen 443          ssl; 
    listen [::]:443     ssl;
    ssl_certificate     /etc/letsencrypt/live/www.example.com/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; 
    include             /etc/letsencrypt/options-ssl-nginx.conf; 
    server_name         www.example.com;
    return 301          https://example.com$request_uri;
}

If “DNS proxy” is enabled for both www.example.com and example.com, and “Development mode” is on, I get an endless loop:

wget -H http://www.example.com/\?param\=test

resolves as 172.67.176.105, 104.24.98.187, 104.24.99.187 and then redirects with HTTP 301 to

https://www.example.com/\?param\=test

which loops endlessly with HTTP 301 to itself.

Disabling “DNS proxy” (and flushing local DNS cache) immediately resolves the problem - there is no endless loop on the HTTPS URL.

I believe it is some bug with either “Development mode” (that doesn’t prevent caching) or with DNS proxy.


Do you have SSL Mode set to Flexible?

Setting it to Full (Strict) should resolve this issue. You should also enable Always Use HTTPS.
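Why the SSL mode matters here, as an added example that is not part of the original thread: a small offline model of the three NGINX server blocks posted above sitting behind a proxy, showing that the origin's port-80 redirect never terminates when the proxy always fetches over plain HTTP. The function names, the mode strings and the simplified mode semantics (Flexible always uses HTTP to the origin, Full (Strict) is modelled as using the visitor's scheme) are assumptions of this sketch, and it does not reproduce the exact hop sequence reported in the question.

```python
from urllib.parse import urlsplit

def origin(scheme, host, path):
    """Constructed model of the posted NGINX config: (status, Location)."""
    # Port 80 block and the www 443 block both redirect to the apex over HTTPS.
    if scheme == "http" or host == "www.example.com":
        return 301, "https://example.com" + path
    return 200, None  # https://example.com serves the site

def follow(url, ssl_mode, always_https=False, max_hops=10):
    """Follow redirects as a client would; return (result, visited URLs)."""
    seen = []
    while len(seen) < max_hops:
        if url in seen:
            return "loop", seen + [url]
        seen.append(url)
        u = urlsplit(url)
        path = u.path + ("?" + u.query if u.query else "")
        # Assumed "Always Use HTTPS" behaviour: the edge upgrades HTTP itself.
        if always_https and u.scheme == "http":
            url = f"https://{u.netloc}{path}"
            continue
        # Assumed mode semantics: Flexible never uses TLS towards the origin.
        origin_scheme = "http" if ssl_mode == "flexible" else u.scheme
        status, location = origin(origin_scheme, u.netloc, path)
        if status == 200:
            return "ok", seen
        url = location
    return "too_many_hops", seen

if __name__ == "__main__":
    start = "http://www.example.com/?param=test"
    for mode, ahttps in (("flexible", False), ("full_strict", True)):
        result, hops = follow(start, mode, ahttps)
        print(mode, result)
        for hop in hops:
            print("   ", hop)
```

In the Flexible case the origin only ever sees port-80 requests, so every answer is the same 301 and the client ends up requesting the HTTPS URL again and again.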

Thanks, I’ll try that. My additional hypothesis is that for some reason the “www” third-level domain was set as an “A”-record to the IPv4 address of the server and that caused this behaviour. I’ve changed it so “www” became a CNAME to “example.com”.

OK, those changes helped to resolve my problem, thanks for the suggestions!
