Stop HTTPS Redirection for subdomain

https

#1

Hello

I have my website proxied through CloudFlare, using flexible SSL. That’s working great…

But I have another subdomain I want to point to my home. This web server cannot do HTTPS, so it HAS to use Flexible SSL [I think?]

However, when I point a browser to http://abc.123.website.com:2086/ my browser automatically forwards me to the https://abc.123.website.com:2086/ version, and I get a “this site can’t provide a secure connection” message in Chrome.

I am using a non-standard HTTP port on purpose - port 80 on the origin server is used for other purposes. I also have HSTS enabled on the root of the domain, but not set to affect subdomains.

I’m sure I’m missing something quite simple here. Any ideas?


#2

On your Crypto page, you may have “Always Use HTTPS” enabled.

You can either add a Page Rule to disable the above option for your subdomain… OR turn that feature off, then add a Page Rule to ENable that feature for the root domain.
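Added example (not part of the thread and not Cloudflare code): a small Python check that tells the two causes raised so far apart, a server-side redirect such as "Always Use HTTPS" versus HSTS with includeSubDomains on the parent domain. It assumes the status and headers were captured with a non-browser client (for example `curl -I`); the function names and sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for part in (value or "").split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name == "max-age":
            try:
                max_age = int(arg.strip().strip('"'))
            except ValueError:
                return None, False           # malformed policy: treat as absent
        elif name == "includesubdomains":
            include_sub = True
    return max_age, include_sub

def explain_upgrade(request_url, status, headers, parent_hsts=None):
    """Return (mechanism, same_port) for a plain-HTTP request to request_url.

    mechanism: "server-redirect" - the edge/origin answered with a redirect to https
               "parent-hsts"     - no redirect, but the parent domain's HSTS policy
                                   covers subdomains, so browsers upgrade on their own
               "none"            - neither was observed
    same_port: True when the https redirect keeps the port that just answered plain
               HTTP, the situation in post #1 where the TLS handshake then fails.
    """
    req = urlsplit(request_url)
    headers = {k.lower(): v for k, v in headers.items()}
    loc = urlsplit(headers.get("location", ""))
    if status in (301, 302, 307, 308) and loc.scheme == "https" \
            and loc.hostname == req.hostname:
        return "server-redirect", loc.port is not None and loc.port == req.port
    max_age, include_sub = parse_hsts(parent_hsts)
    if max_age and include_sub:              # max-age=0 clears the policy
        return "parent-hsts", False
    return "none", False

if __name__ == "__main__":
    # Constructed sample: the redirect described in post #1.
    url = "http://abc.123.website.com:2086/"
    sample_headers = {"Location": "https://abc.123.website.com:2086/"}
    print(explain_upgrade(url, 301, sample_headers))
    # Constructed sample: no redirect, root HSTS without includeSubDomains.
    print(explain_upgrade(url, 200, {}, "max-age=31536000"))
```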


#3

Ah, indeed that rule was set. I’ve disabled it and can access the subdomain normally now.

Is it possible to be able to use HTTPS to CloudFlare for this subdomain, even though the origin server will not allow SSL connections?


#4

You can also use a Page Rule to set SSL Mode to Flexible, Full, and Full (Strict).


#5

I see… thanks for your input.
I’m a bit confused on how I should do this, given a couple constraints:

  1. The service I have running on the origin server simply cannot do HTTPS
  2. It also can’t use port 80, as that’s already taken

I have it set to use 2086 right now, and that’s working fine - no SSL either between end-browser and CloudFlare, nor between CloudFlare and origin.

If I attempt to connect to https:// on port 2086, I get an error:
Firefox: SSL received a record that exceeded the maximum permissible length.
Chrome: ERR_SSL_PROTOCOL_ERROR

If I change the service on the origin to listen on 2087 [designated HTTPS traffic?], I get:
Firefox: Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Chrome: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Am I out of luck and HAVE to use regular HTTP since I’m on a non-standard port?