Hi, I have DNS on Cloudflare and the record is proxied. If I hit the domain with HTTPS the page loads as expected; if I use HTTP the page also loads as expected.
However, if I enable redirect all requests to SSL, then it breaks something.
The requests end up in a redirect loop. curl: (47) Maximum (50) redirects followed
Has anyone else come across this issue and have an idea how to resolve it?
That’s dangerous. It would only be safe if using the Cloudflare tunnel product (I don’t remember what it’s called, and I’m not really recommending it, just saying that if you’re not encrypting between your server and Cloudflare, you are open to MITM attacks).
When you use Cloudflare’s “Flexible SSL”, it terminates HTTPS at Cloudflare and then communicates with your server over plain HTTP.
The web server on your Virtualmin box receives that incoming HTTP request, and with its “Redirect all requests to SSL site” option enabled, it sends the request back to HTTPS.
Cloudflare then receives that redirect and starts the cycle again, creating an infinite loop. This is likely the reason why it’s happening.
The solution is to switch Cloudflare to at least “Full” or better “Full (strict)” mode in the SSL/TLS section.
And remember, you should never trust anyone communicating with your web server using HTTP, except possibly within a local network. Yet, it’s still not recommended.
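The loop described above can be reproduced offline with a small model. This is an added example, not part of the thread and not Cloudflare or Virtualmin code; the function names, the mode strings and the host `example.test` are assumptions made for the illustration.

```python
# Model of the proxy-to-origin hop and the origin's "redirect all requests to SSL" rule.

def edge_to_origin_scheme(ssl_mode, visitor_scheme):
    """Scheme the proxy uses toward the origin for a given SSL/TLS mode."""
    if ssl_mode == "flexible":
        return "http"           # TLS ends at the proxy; origin only ever sees HTTP
    if ssl_mode in ("full", "full_strict"):
        return visitor_scheme   # origin connection matches the visitor's scheme
    raise ValueError(f"unknown SSL mode: {ssl_mode}")

def origin_response(scheme_seen, host, path, redirect_all_to_ssl):
    """Origin vhost: with the redirect option on, every plain-HTTP hit gets a 301."""
    if redirect_all_to_ssl and scheme_seen == "http":
        return 301, f"https://{host}{path}"
    return 200, None

def follow(url, ssl_mode, redirect_all_to_ssl):
    """Follow redirects the way `curl -L` would; return (outcome, hops, final_url)."""
    visited, hops = set(), 0
    while True:
        if url in visited:      # same URL requested twice: the redirect never resolves
            return "loop", hops, url
        visited.add(url)
        scheme, rest = url.split("://", 1)
        host, _, path = rest.partition("/")
        status, location = origin_response(
            edge_to_origin_scheme(ssl_mode, scheme), host, "/" + path,
            redirect_all_to_ssl)
        if status == 200:
            return "ok", hops, url
        url, hops = location, hops + 1

if __name__ == "__main__":
    for mode in ("flexible", "full"):
        for start in ("http://example.test/", "https://example.test/"):
            for redirect in (False, True):
                print(f"{mode:9} redirect={redirect!s:5} {start:22} ->",
                      follow(start, mode, redirect))
```

In the model, Flexible mode with the redirect enabled loops for both HTTP and HTTPS visitors, while Full mode lets the origin's own redirect upgrade an HTTP visitor once and then serves the page.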
Thanks for the tips, I’ve tried enabling “Full (Strict)” mode in Cloudflare, but if the request is using HTTP, it doesn’t automatically switch to HTTPS. This option, SSL Origin Pull, sounds like it would do the trick; however, it requires an enterprise plan.
If you use Cloudflare, you’re not using Let’s Encrypt, as you use Cloudflare for the SSL, or am I wrong there? And you need to turn the redirect off in Virtualmin.