Cloudflare Developers•3y ago

Try to set it to flexible

nikiv.dev•9/7/23, 2:47 PM

cloudflare maybe should not allow this setup

nikiv.dev•9/7/23, 2:47 PM

with full it works https://learn-anything.xyz

Learn Anything

Search Interactive Mind Maps to learn anything

nikiv.dev•9/7/23, 2:47 PM

and https thing off

nikiv.dev•9/7/23, 2:47 PM

i guess i can do full + https option on?

kian•9/7/23, 2:47 PM

Yep

nikiv.dev•9/7/23, 2:48 PM

this one

KKasumi Try to set it to flexible

Chaika•9/7/23, 2:48 PM

Flexible would break it, the reason why he has that issue is because CF was on Flexible, sending http requests to Google, and Google was responding with a redirect to https

KasumiOP•9/7/23, 2:48 PM

Ohhhh okay yea

Chaika•9/7/23, 2:49 PM

Full (Strict) is better if you can, Full isn't fully secure, doesn't validate the cert

nikiv.dev•9/7/23, 2:49 PM

its strange though i have 2 other sites on cloudflare

KasumiOP•9/7/23, 2:49 PM

I'm scared of taking the whole infrastructure or a part of down by changing it

nikiv.dev•9/7/23, 2:49 PM

that had flexible + https redirect thing

nikiv.dev•9/7/23, 2:49 PM

and they worked

nikiv.dev•9/7/23, 2:49 PM

but this new site broke

KasumiOP•9/7/23, 2:49 PM

kian•9/7/23, 2:50 PM

It depends if your website will serve the content on HTTP

kian•9/7/23, 2:50 PM

If not, which it shouldn't, the user receives a redirect to HTTPS - but Cloudflare sends it over HTTP - and it does it again, and again, and again

Euro Ali•9/7/23, 2:50 PM

Is anyone currently having trouble connecting to cloudflare websockets?

nikiv.dev•9/7/23, 2:50 PM

what is responsible for saying my site is servable on http

nikiv.dev•9/7/23, 2:51 PM

is it one of dns entries?

nikiv.dev•9/7/23, 2:51 PM

have bunch of stuff in there

Chaika•9/7/23, 2:51 PM

Your origin web server

Chaika•9/7/23, 2:51 PM

If it is configured to redirect all requests from http to https itself, just like the Cloudflare setting, you run into that issue

nikiv.dev•9/7/23, 2:52 PM

oh so like nginx

nikiv.dev•9/7/23, 2:52 PM

i see

nikiv.dev•9/7/23, 2:52 PM

havent touched that code in a while

Chaika•9/7/23, 2:53 PM

You should really use Full (Strict) in all cases, all other settings are lying to the user about security/not fully secure, or Off if you don't plan on having https

nikiv.dev•9/7/23, 2:54 PM

ok made full (strict)

Chaika•9/7/23, 2:54 PM

Full (Strict) is the same security/validation (mostly) as the browser has for ssl certs. Full is "accept any, even self-signed", and Flexible is http to origin, even if visitor is over https (very insecure & lying to visitor)

Chaika•9/7/23, 2:54 PM

Chaika•9/7/23, 2:55 PM

one day hopefully Cloudflare will just nuke the other settings, one can hope. I've heard recently that the default should be "Full" now, but not sure that's the case

nikiv.dev•9/7/23, 2:55 PM

yea cloudflare settings are overwhelming

nikiv.dev•9/7/23, 2:55 PM

always afraid to toggle anything

nikiv.dev•9/7/23, 2:56 PM

even things like brotli compression

nikiv.dev•9/7/23, 2:56 PM

remember it broke my site too at some point

KasumiOP•9/7/23, 3:39 PM

Things that could be cool: Cloudflare as your ISP

Chaika•9/7/23, 4:21 PM

yea but warp doesn't fix the fact my upload is only 20 mbps ;p

CChaika yea but warp doesn't fix the fact my upload is only 20 mbps ;p

Unsmart•9/7/23, 4:29 PM

Warp makes my internet go from 2/2Gbps and 3/8ms to 800/300Mbps and 3/81ms sad

(download/upload and unloaded/loaded latency)

CChaika yea but warp doesn't fix the fact my upload is only 20 mbps ;p

Isaac McFadyen•9/7/23, 5:54 PM

warp doesn't fix the fact that my download is 20mbps lul

Isaac McFadyen•9/7/23, 5:54 PM

dsl :(

Original message was deleted

Chaika•9/7/23, 5:58 PM

but why? It's emulating exact browser behavior

Chaika•9/7/23, 5:59 PM

Even if it was https to origin, you'd still be http to CF which would be insecure, if you wanted security, use Always Use HTTPS and avoid that path entirely

Chaika•9/7/23, 6:02 PM

meh, I think if you want any security, just go full HTTPS with Always use HTTPS

Chaika•9/7/23, 6:03 PM

we were promised Strict SSL setting for free though and never got it