Cloudflare and nginx: Too many redirects

These questions with run-away redirects come up all the time!

Usually, the problem lies with the fact that 301 Moved Permanently responses are often cached within the browsers "for good", and there is often no way to Ctrl+R nor Ctrl+Shift+R out of it, short of clearing the whole cache. (This is one of the reasons I often prefer 302 Found / 302 Moved Temporarily instead, especially during the development phase, because 302 responses are generally not cached at all by default.)

Additionally, if you've had HSTS in the past, and it was successfully fetched and quietly installed by the browser under the hood, and was never explicitly cleared nor expired yet, then the browser would never make any subsequent requests over http:// until and unless the policy is cleared -- all requests would always be over https://.

As for putting CloudFlare into the mix, doesn't it alleviate the need to have so many different server definitions and redirects in the first place, since your IP address is supposed to be hidden? I'm not sure what good it does to presumably hide your IP address behind CloudFlare, yet openly reveal the domain name it serves for anyone doing a global internet scan.

As you already ran through all the "SSL modes" offered by CloudFlare, I would suggest to change all your 301 permanent redirects to 302 temporary redirects (if not remove all of these in entirety in the first place), clear the browser's cache, and then try circling around the ssl options again. :-)


After some trials I found that this is only related to Cloudflare, because I had no redirect problem before moving to Cloudflare.

In my case it was a simple fix like this. Select [Crypto] box and select Full (strict) as in the image.


Really, you can try this out first before any other actions.


Troubleshooting redirect loop errors

Resolve redirect loop (too many redirects) errors that prevent visitors from viewing your website.

Cloudflare SSL options incompatible with your origin web server

The most common cause of redirect loops is due to a combination of

  • a redirect performed by your origin web server, and
  • a Cloudflare SSL option that is incompatible with the redirect performed by your origin.

Cause

The “Flexible” SSL encryption mode in the Cloudflare “SSL/TLS” app, “Overview” tab, encrypts traffic between the browser and the Cloudflare network over HTTPS. However, when the “Flexible” SSL option is enabled, Cloudflare sends requests to your origin web server unencrypted over HTTP. Redirect loops occur if your origin web server is configured to redirect all HTTP requests to HTTPS when using the “Flexible” SSL option.

Redirect loops may also occur when using the “Full” or “Full (strict)” SSL option. The only difference is that Cloudflare contacts your origin web server over HTTPS and the redirect loop occurs if your origin web server redirects HTTPS requests to HTTP.

Resolution

Update the Cloudflare SSL option in the “SSL/TLS” app, “Overview” tab.

  • If currently set to “Flexible”, update it to “Full” if you have an SSL certificate configured at your origin web server.
  • If currently set to “Full”, try updating it to “Flexible.”

“Flexible” SSL mode diagram

“Full” SSL mode diagram
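
The loop described in the "Cause" section above can be traced hop by hop. This is an added example, not part of the quoted documentation or of any answer here; the rule names, the `example.test` URL, the treatment of "Full" as matching the visitor's scheme, and the origin rule keyed on the `X-Forwarded-Proto` request header are assumptions of the sketch.

```python
from urllib.parse import urlsplit

def upstream_scheme(ssl_mode, visitor_scheme):
    """Scheme Cloudflare uses toward the origin.
    Flexible: always plain HTTP. Full / Full (strict): modelled as matching
    the visitor's scheme (assumption of this sketch), so HTTPS stays HTTPS."""
    return "http" if ssl_mode == "flexible" else visitor_scheme

def origin_redirect(rule, conn_scheme, forwarded_proto):
    """Hypothetical origin rules; True means 'answer 301 to https://'.
    by_connection: redirect whenever the connection itself is plain HTTP.
    by_forwarded_proto: redirect only if the visitor's scheme, as reported in
    the X-Forwarded-Proto request header, was http."""
    if rule == "by_connection":
        return conn_scheme == "http"
    if rule == "by_forwarded_proto":
        return forwarded_proto == "http"
    raise ValueError(rule)

def trace(ssl_mode, rule, url, max_hops=10):
    """Follow redirects as a browser would. Returns (outcome, hops), where
    each hop is (visitor_url, scheme_to_origin, status)."""
    seen, hops = set(), []
    while url not in seen and len(hops) < max_hops:
        seen.add(url)
        parts = urlsplit(url)
        conn = upstream_scheme(ssl_mode, parts.scheme)
        if not origin_redirect(rule, conn, parts.scheme):
            hops.append((url, conn, 200))
            return "ok", hops
        hops.append((url, conn, 301))
        # The origin always redirects to the HTTPS form of the same URL.
        url = f"https://{parts.netloc}{parts.path or '/'}"
    return "loop", hops

if __name__ == "__main__":
    start = "http://example.test/"  # constructed sample URL
    for mode in ("flexible", "full"):
        for rule in ("by_connection", "by_forwarded_proto"):
            outcome, hops = trace(mode, rule, start)
            print(f"{mode:9} {rule:19} {outcome:5} {hops}")
```

Only the Flexible mode combined with a redirect keyed on the connection scheme loops: the origin keeps seeing plain HTTP no matter how many times the browser retries over HTTPS.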


@prosti provided the solution. I'll add some explanation here about why the redirection loop happens.

After the Cloudflare CDN is set up in front of the Nginx server, clients don't have direct access to Nginx anymore. The content is fetched by the intermediate proxy provided by Cloudflare. The cause of the problem is that this very proxy doesn't follow redirections set on Nginx. Or you can deem it hardcoded.

Unlike a web browser, which follows the 302/301 redirection, the behavior of the proxy (whether it accesses Nginx on our VPS by HTTP or HTTPS) is configured in Cloudflare Dashboard -> "SSL/TLS".


The solution is to configure the encryption level higher than "Full".