blog.lazkani.io/content/posts/my-path-down-the-road-of-cloudflare-s-redirect-loop.md

99 lines
2.8 KiB
Markdown
Raw Permalink Normal View History

+++
title = "My Path Down The Road of Cloudflare's Redirect Loop"
author = ["Elia el Lazkani"]
date = 2020-01-27
lastmod = 2020-01-27
tags = ["cloudflare", "cdn"]
categories = ["misc"]
draft = false
+++
I have used **Cloudflare** as my _DNS manager_ for years, specifically because it offers **API** that works with **certbot**.
This setup has worked very well for me so far.
The only thing that kept bothering me is that every time I turn on the _CDN_ capability on my **Cloudflare** , I get a loor error.
That's weird.
<!--more-->
## Setup {#setup}
Let's talk about my setup for a little bit.
I use **certbot** to generate and maintain my fleet of certificates.
I use **Nginx** as a web-server.
Let's say I want to host a static content off of my server.
My **nginx** configuration would look something like the following.
```text
server {
listen 443 ssl;
server_name server.example.com;
ssl_certificate /path/to/the/fullchain.pem;
ssl_certificate_key /path/to/the/privkey.pem;
root /path/to/data/root/;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
```
This is a static site, of course.
Now you may ask about _non-SSL_.
Well, I don't do _non-SSL_.
In other words, I have something like this in my config.
```text
server {
listen 80;
server_name _;
location / {
return 301 https://$host$request_uri;
}
}
```
So, all _http_ traffic gets redirected to _https_.
## Problem {#problem}
Considering the regular setup above, once I enable the "proxy" feature of **Cloudflare** I get the following error.
[<img src="/ox-hugo/too-many-redirects.png" alt="too-many-redirects.png" />](/ox-hugo/too-many-redirects.png)
\#+BEGIN\_EXPORT html
That baffled me for a bit.
There is no reason for this to happen.
I decided to dig deeper.
## Solution {#solution}
As I was digging through the **Cloudflare** configuration, I stumbled upon this page.
{{< figure src="/ox-hugo/flexible-encryption.png" caption="Figure 2: Flexible Encryption" target="_blank" link="/ox-hugo/flexible-encryption.png" >}}
This is interesting.
It says that the connection is encrypted between the broswer and **Cloudflare**.
Does that mean that between **Cloudflare** and my server, the connection is unencrypted ?
If that's the case, it means that the request coming from **Cloudflare** to my server is coming on _http_.
If it is coming on _http_, it is getting redirected to _https_ which goes back to **Cloudflare** and so on.
```text
THIS IS IT ! I FOUND MY ANSWER...
```
Alright, let's move this to what they call "Full Encryption", which calls my server on _https_ as it should.
{{< figure src="/ox-hugo/full-encryption.png" caption="Figure 3: Full Encryption" target="_blank" link="/ox-hugo/full-encryption.png" >}}
After this change, all the errors cleared up and got my blog up and
running again.