Virtual Host not working when CF Proxy is enabled

Hello there.

I have recently set up cloudflare for an extra domain.
I have already a few vhosts on my apache running, all of them are working fine (HTTP/HTTPS all fine).
But when accessing my domain with CF-Proxy I’ll get redirected to the default host. When I set up my domain to use DNS-Only it works perfectly fine.

Server Specs:
Webserver Apache2
OS: Debian 8 Jessie
Subdomain points to Origin via A record

Thanks in advance!

Is the host properly configured for HTTPS? What is the host?

Cloudflare SSL is set to Full.

Origin SSL is good, all domains are listed in the certificate.

I use a .dev domain, which only allows HTTPS connections.

What is the host?

Remote url would be:

Should show “Nothing here”. If it shows a website, its the default host. Origin IP is
So I disabled CF Proxy for now.

Seems to work for me

$ curl -i --resolve
HTTP/1.1 200 OK
Date: Fri, 24 May 2019 07:18:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=de72a100735bcb88788ff23224f52ec5f1558682308; expires=Sat, 23-May-20 07:18:28 GMT; path=/;; HttpOnly; Secure
Last-Modified: Sun, 19 May 2019 15:59:43 GMT
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri=""
Server: cloudflare

<h1>Nothing here</h1>

This is the result with DNS only.

When I enable CF Proxy it will work for a few hours and then it will redirect to the main host.

I believe I earlier sent a direct request (not via Cloudflare) and it also returned your main page. I’d double check if there could be some glitch in your server configuration which might serve the other page for some reason (path, redirect, etc.).

Yeah that might be possible, because I played around with the configuration (with CF Proxy enabled).
If you clear caches and retry again now, it should return the Nothing here page.

I also reactivated CF Proxy, so if everything is as I expect, the issue will occur again later this day.
If you don’t mind I would give you a ping then.


Cant give a guarantee how quickly I can respond, but sure, ping along :slight_smile:

For now I created sym-links to the main page to have at least static files served there, so I don’t mind if an answer takes a few hours. I just want to have it served for the future as I have to link all files manually at the moment. :smiley:

@sandro here we are again, I just cleared my DNS cache, restarted apache and refreshed the webpage. No configs changed:

I was about to send a response :slight_smile:

I just noticed it too, however it comes straight from your server

Check your server configuration, particularly paths etc, as mentioned earlier.

<IfModule mod_ssl.c>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.

    ServerAdmin [email protected]
    DocumentRoot /var/www/cdn


    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
Include /etc/letsencrypt/options-ssl-apache.conf

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Is something wrong with this configuration?

Its working fine as long as DNS-only is enabled

Most likely, but it would require a detailed analysis of that configuration. I’d take that question to StackExchange or alike.

I am afraid it is something in your configuration and not Cloudflare’s.

I probably found the solution in the Virtual Host header… I set the domain there, but I cannot listen on cloudflares edge-servers ips. However *:443 did not work, I had to specify the ip - Now it is working again.

Thank you @sandro :smiley:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.