Hello.
I have a Linux Ubuntu VPS, with an Apache reverse proxy and Kestrel as upstream. I have installed Let's Encrypt on Apache. Currently the sites work without any major SSL-related issue; however, when I try to use Cloudflare, I end up with a "too many redirects" issue. I have checked, double-checked, tested, adjusted the vhost... lost hair, cried, and nothing really worked. I came across a similar issue, and the resolution was that the Let's Encrypt certificate might have been faulty... even though I have used an SSL checker and passed with A+, I have no more ideas. So I thought it might be best to remove the certificate and reissue a new one.
I'd like to know how I can safely remove SSL from Linux and reissue a new one?
I was also told not to allow certbot to modify my vhost.
I used a tutorial from DigitalOcean to generate SSL.
Thanks
Here is the vhost used for the site.
<VirtualHost *.*>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
#Header set Content-Security-Policy "upgrade-insecure-requests"
</VirtualHost>
<VirtualHost *:80>
#Redirect "/" "https://supplysolution.ca"
ServerAdmin admin@supplysolution.ca
DocumentRoot /var/www/solution/html
# ProxyPreserveHost On
ProxyPass / http://127.0.0.1:5000/
# ProxyPassReverse / http://127.0.0.1:5000/
# ServerName supplysolution.ca
# ServerAlias www.supplysolution.ca
# ProxyRequests off
<Directory /var/www/solution/>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine On
RewriteCond %{SERVER_NAME} =www.supplysolution.ca [OR]
RewriteCond %{SERVER_NAME} =supplysolution.ca
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=301,L]
#RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
#RewriteCond %{HTTPS} !=on
#RewriteCond %{HTTP:X-Forwarded-Proto} =http
#RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:*>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
#Header set Content-Security-Policy "upgrade-insecure-requests"
</VirtualHost>
<VirtualHost *:443>
#RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
ServerAdmin admin@supplysolution.ca
DocumentRoot /var/www/solution/html
Protocols h2 http/1.1
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
ServerName supplysolution.ca
ServerAlias www.supplysolution.ca
ProxyRequests off
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLProxyEngine on
ProxyPreserveHost on
#SSLCertificateFile /etc/cert/supplysolution.ca.pem
#SSLCertificateKeyFile /etc/cert/supplysolution.ca.key
SSLCertificateFile /etc/letsencrypt/live/supplysolution.ca/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/supplysolution.ca/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=63072000"
</VirtualHost>
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
</IfModule>
This part should be removed:
The loop is created because the originating HTTP request is handled by CF.
They redirect that to HTTPS.
Then all HTTPS requests are being proxied to your HTTP server.
Your HTTP vhost redirects them to HTTPS.
[but they were already using HTTPS]
The "fix" is in CF.
Check this post:
Thanks.
I have done that on CF; just turning on the proxy for DNS, I start to get the too many redirects error. It's been 3 weeks that I'm trying to fix this... I do believe the issue is from the Apache configuration, but there is nothing I can find that is out of the documentation so far.
Neither of the problems I'll describe is related to Let's Encrypt. You might be better off seeking help on a Cloudflare community forum or even an Apache forum.
First, the DNS setting for your www subdomain is different than for your root name supplysolution.ca. These should be the same.
Second, some system is redirecting the HTTPS request back to HTTP. This should never happen and my Firefox browser reports this as a redirect that will never complete. I don't know if you have something set in your Cloudflare CDN proxy settings that does this. Or, whether maybe whatever you are proxying to in your Apache system is doing that. You didn't show what is handling the proxypass request to 127.0.0.1:5000 but you should check whatever that is.
The faulty redirect
curl -i https://supplysolution.ca
HTTP/2 301
location: http://supplysolution.ca/
cf-cache-status: DYNAMIC
server: cloudflare
Your faulty DNS
nslookup supplysolution.ca
Address: 104.21.87.150
Address: 172.67.144.28
Address: 2606:4700:3034::6815:5796
Address: 2606:4700:3031::ac43:901c
nslookup www.supplysolution.ca
Address: 148.113.182.142
Thanks.
Those NS records are the Cloudflare NS that needed to be set up to point to CF.
I didn't know the NS for www was pointing to my IP address. I will try to look into it; maybe this is the reason for the redirects.
Thanks for your help. I will head to Apache, as the CF community couldn't figure this one out.
It looks like you disabled Cloudflare proxy on both your domain names now.
Are you still getting the redirect failure?
I see a Kestrel Server actively responding to HTTPS requests (HTTP handled by Apache)
Yes, I did disable it. When CF is disabled I have access to my site; when CF is on I get the too many redirects issue, and in the developer panel all files end up with a 302 redirect...
If you want to use Cloudflare's proxy with a signed certificate, you must ensure that the SSL/TLS encryption mode is set to 'Full (strict)'. To do this, select SSL/TLS for the domain and change the mode; it will then work with proxy mode enabled.
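An added illustration, not part of any reply in this thread: a toy Python model of the redirect loop explained earlier (the edge redirects HTTP to HTTPS, then fetches from an origin whose port-80 vhost also redirects to HTTPS) and of how the edge's origin-connection mode changes the outcome. The host `example.test`, the mode labels `flexible`/`full_strict` and the `honor_xfp` switch (standing in for the commented-out `X-Forwarded-Proto` RewriteCond in the posted vhost) are assumptions of the model.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 307, 308}

def origin(leg_scheme, host, path, xfp=None, honor_xfp=False):
    """Origin modelled on the posted vhosts: the :80 vhost redirects to
    https, the :443 vhost proxies to the app (modelled here as a 200).
    honor_xfp mimics the commented-out X-Forwarded-Proto RewriteCond."""
    if leg_scheme == "http":
        if honor_xfp and xfp == "https":
            return 200, None              # visitor is already on HTTPS
        return 301, f"https://{host}{path}"
    return 200, None

def edge(url, mode, honor_xfp=False):
    """Edge proxy: redirects HTTP visitors to HTTPS itself, then fetches
    from the origin over http ('flexible') or https ('full_strict').
    Returns (status, location, origin_leg_scheme)."""
    u = urlsplit(url)
    path = u.path or "/"
    if u.scheme == "http":
        return 301, f"https://{u.netloc}{path}", None
    leg = "http" if mode == "flexible" else "https"
    status, location = origin(leg, u.netloc, path,
                              xfp=u.scheme, honor_xfp=honor_xfp)
    return status, location, leg

def follow(url, mode, honor_xfp=False, max_hops=10):
    """Follow redirects as a browser would.
    Returns (outcome, hop_count, origin_leg_scheme)."""
    seen, leg = set(), None
    for hop in range(1, max_hops + 1):
        status, location, leg = edge(url, mode, honor_xfp)
        if status not in REDIRECTS:
            return "ok", hop, leg
        if location == url or location in seen:
            return "loop", hop, leg       # redirected to a URL already visited
        seen.add(url)
        url = location
    return "too_many_redirects", max_hops, leg

if __name__ == "__main__":
    start = "http://example.test/"        # constructed placeholder host
    for mode, xfp in [("flexible", False), ("flexible", True),
                      ("full_strict", False)]:
        print(mode, f"honor_xfp={xfp}", follow(start, mode, xfp))
```

In the model, honoring `X-Forwarded-Proto` stops the loop while the edge-to-origin leg stays plain HTTP; only the `full_strict` case both ends the loop and keeps that leg on HTTPS.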
Thanks.
I have tried everything on CF. The problem starts when I proxy DNS. When that is turned on (orange cloud), I get too many redirects after a few minutes. I have checked my proxy server and there is nothing I can find that is wrong with its configuration. I believe the too many redirects happen due to Kestrel, which is my upstream ASP.NET application server, and the proxy configuration on my end is based on an MSDN tutorial.
At this point my site is working without CF, but having this issue when CF is enabled means the configuration on my server has an issue that I cannot figure out.