I’m struggling to get Cloudflare-hosted domains to work with Heroku-hosted websites.
I have a domain (
beta.newerawrestling.co.uk). I’ve added a
CNAME record pointing to the Heroku DNS target (the
XXX.herokudns.com URL). The
CNAME has Cloudflare proxying enabled, and SSL/TLS is set to “Flexible”. However, whenever I make requests to
https://beta.newerawrestling.co.uk, it just gets stuck in 301 redirect loops trying to redirect to the HTTPS version.
The guide I followed was this one:
What step am I missing, or doing incorrect?
This one is the problem.
The guide I linked to specifies to use “Flexible” though. What’s the difference between the two?
Well, it says:
Considering the stuff below, you do now know what it means, and … the advice about Flexible will therefore fall apart.
Flexible isn’t secure.
It connects from Cloudflare to the origin (e.g. Heroku) via insecure HTTP, leaving your users with the deception that your site is secure, when it really isn’t.
Visitor ← SECURE → Cloudflare ↔ INSECURE ↔ Heroku.
Apologies for selecting “Flexible” because I thought I wanted to serve my site over HTTPS to all public visitors. That was a silly assumption of mine to make, wasn’t it?
Can we assume that you’re able to read “
to public visitors”?
There is more than just “
to public visitors”, when dealing with reverse proxies like e.g. Cloudflare.
@sandro made a good write up about that over here:
Unencrypted & unverified connections
Imagine you open Paypal and suddenly get that warning
Would you continue? Probably not. For decades leaders in IT security have advocated that people upgrade their sites from unencrypted HTTP to secure HTTPS. And for a reason, everything you send via an HTTP connection is sent in plain text and can be intercepted at any point between you and the server.
Equally, you’d probably not proceed if you got such a warning, right?
That’s when th…
That said, thanks for the downvote, … that one is very appreciated.
Yes. And I assumed members of the public trying to visit my site would be “public visitors”.
Drop the attitude and rudeness. You didn’t have to help me. If I knew any better than I wouldn’t have made the mistake, would I? But there’s no need to be an ■■■ about it, like you have been.
I am simply sharing the solution to your problem, and explaining why it happens, that’s all.
Where exactly do you see (or understand) that I am having an attitude, or being rude?
D’oh! I actually had my suspicious about that specific one:
That was meant solely towards the guide you were referring to, and not at all towards you.
I should have been more clear about that specific part, which I apologize for.
That one was a response towards your downvote and attitude here:
Again, I apologize for not making it clear enough that it was the guide I declared as awful, and facepalmed about (and
NOT actually about you in any way)!
Ah, OK. Sorry for misinterpreting as directed at me. My bad.
Glad we sorted it out.
I definitely bear responsibility as well, as I could have have added guide, so it said “Awful guide”. In hindsight, I suppose alone that extra would have done a lot!
Thanks for also being there to solve our strife.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.