CD
Cloudflare Developers4mo ago
Khôra

Domain is being weird after switching from Full (Strict) back to Flexible

Hey there! Unfortunately I got myself in a bit of a pickle with my game lol. I thought it would be better to use cloudflare tunnels to run my websocket servers to handle all kinds of player actions, on top of installing an origin cert on my nginx server, in attempts to avoid more often at least, random disconnects, as I was under the impression using the specified ports could lead to worse disconnects, but now I'm not so sure on that lol. I installed the origin cert and enabled ssl in my nginx configs, and then switched to Full (Strict). Comes to find out it wasn't working or at least to the extent I wanted to, so I tried reverting everything I did, from nginx configs to just simply switching back to Flexible. Now for the most part things were good, but now here's where the actual issue comes in (sorry just getting to the point). I have a WordPress thing also installed on my system and it was working fine before I made any initial changes, and was using letsencrypt for it's SSL. Now that I've made these changes and reverted, the blog just loads my home page instead of the blog itself. I tried just about everything to fix it I feel like, from checking configs to making sure I didn't make other changes in cloudflare (I didnt). Nothing seems to be working, except when I either temporarily disable proxying for that subdomain, which doesn't load it properly but still somewhat loads, or if I set the TLS option to Full (not strict) but that makes it ONLY show the news page loading properly with ssl. Going elsewhere on the site just makes it load the blog. I have genuinely never ran into something this crazy before lol.. I just want to use my site as normal again before I was an idiot and made the changes. I hope someone is able to help, sorry ik this is a lot to read 😭🙏
14 Replies
imabee
imabee4mo ago
if you have a redirect at your webserver from port 80 to 443, it can sometimes cause cloudflare to get caught in a redirect loop when using flexible mode
Khôra
KhôraOP4mo ago
I mean I have cloudflare settings set to always use https and maybe a couple rules to ensure its always using https, but weird how it'd be affecting my server as a whole now? in terms of a redirect within the nginx config I dont think there is, or at least not now. I did implement a small thing in the default config when I was switching to Full (Strict) but I removed it and so on when reverting before reverting I added this simple block but since been removed 
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;
    return 301 https://$host$request_uri;
}
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;
    return 301 https://$host$request_uri;
}
@imabee
imabee
imabee4mo ago
remove this and just leave 443 see if that cures it it's trying to connect to the origin on port 80 then it receives the 301 as the response to upgrade to https then it fails
imabee
imabee4mo ago
https://developers.cloudflare.com/ssl/troubleshooting/too-many-redirects/
Cloudflare Docs
ERR_TOO_MANY_REDIRECTS
Learn how to troubleshoot ERR_TOO_MANY_REDIRECTS when using Cloudflare SSL/TLS.
imabee
imabee4mo ago
(if the page loads for you, that's excellent) 
If your domain's encryption mode is set to Flexible, Cloudflare sends unencrypted requests to your origin server over HTTP.

Redirect loops will occur if your origin server automatically redirects all HTTP requests to HTTPS.
If your domain's encryption mode is set to Flexible, Cloudflare sends unencrypted requests to your origin server over HTTP.

Redirect loops will occur if your origin server automatically redirects all HTTP requests to HTTPS.
I hope that's enough for you to get going
Khôra
KhôraOP4mo ago
just to update, I had already removed that from my config and it didnt fix it. I also removed all cloudflare options to always use https and confirmed there was no more redirects from my server as an http connection went through although my browser still auto directs to https itself I think. still, figured that wouldnt be too many redirects, but nothing worked. so im just going to try setting everything on my server to listen on 443 instead of 80, even though I've literally never had to do that till now which is odd to me will let you know how that goes because when I put it on Full mode its able to load my wordpress blog part of my site and uses that as the "default" home page and wont lemme access anywhere else, and its alrdy listening on 443 so I feel like if I just make everything else listen on 443 everything will just work again lol
imabee
imabee4mo ago
what do you mean it uses the default home page?
Khôra
KhôraOP4mo ago
I mean like it acts like its the home page because it doesnt let you go to any other part of the domain besides the blog atp but on Flexible mode I cant access the blog but can access everywhere else but I'm currently making every subdomain listen on 443 instead of 80. I tested with 1 config and I was able to access both my blog and another subdomain so I think if I just do that I'll solve my issue @imabee my issue seems to be just about solved now, I got it handled. I appreciate the help! [: thank you
imabee
imabee4mo ago
You may want to detail what you did to solve it for the next person searching 🙂
Khôra
KhôraOP4mo ago
I still have no clue what exactly caused it, but I just had to make all domains in my nginx configs listen on 443 with a letsencrypt cert and set my Cloudflare SSL/TLS mode to Full
imabee
imabee4mo ago
If they’re all using valid certs you could change it to strict fyi Just note that if one cert expires that domain name will throw ssl/tls errors
Khôra
KhôraOP4mo ago
Strict as in Full (Strict) or the one above that? Also thank you again
imabee
imabee4mo ago
Full strict would enable tls validation (IE checking to see if your letsencrypt cert is valid)
Khôra
KhôraOP4mo ago
I appreciate it! (:

Did you find this page helpful?