+++
title = "My Path Down The Road of Cloudflare's Redirect Loop"
author = ["Elia el Lazkani"]
date = 2020-01-27T21:00:00+01:00
lastmod = 2021-06-28T00:01:07+02:00
tags = ["cloudflare", "cdn"]
categories = ["misc"]
draft = false
+++

I have used **Cloudflare** as my _DNS manager_ for years, specifically because it offers an **API** that works with **certbot**. This setup has worked very well for me so far. The only thing that kept bothering me is that every time I turn on the _CDN_ capability on my **Cloudflare**, I get a loop error. That's weird.

## Setup {#setup}

Let's talk about my setup for a little bit. I use **certbot** to generate and maintain my fleet of certificates. I use **Nginx** as a web-server.

Let's say I want to host static content off of my server. My **nginx** configuration would look something like the following.

```text
server {
    listen 443 ssl;
    server_name server.example.com;

    # Certificate and key generated by certbot
    ssl_certificate /path/to/the/fullchain.pem;
    ssl_certificate_key /path/to/the/privkey.pem;

    root /path/to/data/root/;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}
```

This is a static site, of course. Now you may ask about _non-SSL_. Well, I don't do _non-SSL_. In other words, I have something like this in my config.

```text
server {
    listen 80;
    server_name _;

    location / {
        # Every plain http request is answered with a redirect to https
        return 301 https://$host$request_uri;
    }
}
```

So, all _http_ traffic gets redirected to _https_.

## Problem {#problem}

Considering the regular setup above, once I enable the "proxy" feature of **Cloudflare** I get the following error.

[too-many-redirects.png](/ox-hugo/too-many-redirects.png)

That baffled me for a bit. There is no reason for this to happen. I decided to dig deeper.

## Solution {#solution}

As I was digging through the **Cloudflare** configuration, I stumbled upon this page.

{{< figure src="/ox-hugo/flexible-encryption.png" caption="Figure 2: Flexible Encryption" target="_blank" link="/ox-hugo/flexible-encryption.png" >}}

This is interesting.
It says that the connection is encrypted between the browser and **Cloudflare**. Does that mean that between **Cloudflare** and my server, the connection is unencrypted? If that's the case, it means that the request coming from **Cloudflare** to my server is coming on _http_. If it is coming on _http_, it is getting redirected to _https_ which goes back to **Cloudflare** and so on.

```text
THIS IS IT ! I FOUND MY ANSWER...
```

Alright, let's move this to what they call "Full Encryption", which calls my server on _https_ as it should.

{{< figure src="/ox-hugo/full-encryption.png" caption="Figure 3: Full Encryption" target="_blank" link="/ox-hugo/full-encryption.png" >}}

After this change, all the errors cleared up and I got my blog up and running again.
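
The loop described above can be reproduced offline with a small model of the two hops. This is an added example, not code from the original post: `origin`, `edge`, `fetch` and `MAX_REDIRECTS` are hypothetical names, and the proxy behaviour is a simplified assumption (flexible always reaches the origin over _http_, full uses the visitor's scheme).

```python
from urllib.parse import urlsplit

MAX_REDIRECTS = 20  # assumed client-side cap on redirects followed


def origin(scheme, host, path):
    """The post's nginx: port 80 always answers 301, port 443 serves the site."""
    if scheme == "http":
        return 301, f"https://{host}{path}"
    return 200, None


def edge(url, mode):
    """Assumed proxy model: choose the scheme used towards the origin."""
    parts = urlsplit(url)
    if mode == "flexible":
        upstream = "http"          # TLS ends at the edge, origin is hit on port 80
    elif mode == "full":
        upstream = parts.scheme    # origin is hit with the visitor's scheme
    else:
        raise ValueError(f"unknown mode: {mode}")
    return origin(upstream, parts.hostname, parts.path or "/")


def fetch(url, mode):
    """Follow redirects like a browser; return (outcome, URLs requested)."""
    visited = []
    while len(visited) <= MAX_REDIRECTS:
        if url in visited:
            return "redirect loop", visited
        visited.append(url)
        status, location = edge(url, mode)
        if status == 200:
            return "ok", visited
        url = location
    return "too many redirects", visited


if __name__ == "__main__":
    for mode in ("flexible", "full"):
        for start in ("http://server.example.com/", "https://server.example.com/"):
            outcome, hops = fetch(start, mode)
            print(f"{mode:8} {start:28} -> {outcome} after {len(hops)} request(s)")
```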