Troubleshooting 301 redirect "This webpage has a redirect loop" error with CloudFlare SSL


(Tobias Eigen) #1

Continuing the discussion from Allowing SSL for your Discourse Docker setup:

I ran into an odd problem after following the steps to allow SSL for my discourse docker setup - after turning on cloudflare, my chrome web browser started showing me a “this webpage has a redirect loop” error. It was not showing up when cloudflare was disabled. So I assumed it was a cloudflare issue and submitted a ticket. The response I got is below which I wanted to share for future reference for myself and for others who might find themselves in this situation.

The answer was to bootstrap my container to reflect the new templates - @sam’s instructions to run ./launcher rebuild app didn’t do it in my case unless I am confused (which is quite possible! :smile:). I ran ./docker bootstrap app it immediately started working correctly again.

The troubleshooting commands that showed the problem are here - you would replace URL with your forum URL and IP with your destination IP.

$ curl -vso dev/null https://forum.kabissa.org/ 
$ curl -vso dev/null -H "host: forum.kabissa.org" 192.241.191.60 

And the full explanation from cloudflare support:

Hi Tobias,

Taking a look, I wasn’t able to trigger the error - the site would resolve with both SSL and CloudFlare active. However I did notice that requests sent to the domain would never respond properly - there is a 301 redirect on forum.kabissa.org that points to itself:

$ curl -vso dev/null https://forum.kabissa.org/

  • Trying 141.101.127.23…
  • Connected to forum.kabissa.org (141.101.127.23) port 443 (#0)
  • TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • Server certificate: ssl7438.cloudflare.com
  • Server certificate: GlobalSign Organization Validation CA - G2
  • Server certificate: GlobalSign Root CA
    GET / HTTP/1.1
    User-Agent: curl/7.30.0
    Host: forum.kabissa.org
    Accept: /

< HTTP/1.1 301 Moved Permanently

  • Server cloudflare-nginx is not blacklisted
    < Server: cloudflare-nginx
    < Date: Tue, 07 Oct 2014 20:57:41 GMT

    < Location: https://forum.kabissa.org/

The redirect was in place even if I send a request directly to you origin:

$ curl -vso dev/null -H “host: forum.kabissa.org” 192.241.191.60

  • About to connect() to 192.241.191.60 port 80 (#0)
  • Trying 192.241.191.60…

    < HTTP/1.1 301 Moved Permanently
  • Server nginx/1.6.2 is not blacklisted
    < Server: nginx/1.6.2
    < Date: Tue, 07 Oct 2014 21:03:17 GMT

    < Location: https://forum.kabissa.org/

While I was unable to trigger it from my end, likely this is why the loop is ocurring. You will need to remove this 301 redirect set on forum.kabissa.org.

I hope that helps, but if you have any questions or concerns please let me know.

Jeremy


(Jeff Atwood) #2

@sam is there any reason bootstrap would be required here?


(Sam Saffron) #3

Rebuild does a bootstrap. There is a long standing issue I need to fix though, it starts the process with a git pull, but does not re-launch itself if it detects changes. I want to get that fixed.

Regardless - Rebuild == git pull - bootstrap - destroy - start


(Kane York) #4

Try this:

#!/bin/bash

if [ -f zzzzzz ]; then
        rm zzzzzz
        echo "removed zzzzzz"
        exec $0 $@
fi

touch zzzzzz
echo "created zzzzzz"

The ‘exec’ command replaces the shell process.


#5

leaving this for others reaching this topic after me

did the ssl setup as in the first post
was using cloudflare as cdn front end
got a redirect loop

the solution to my redirect loop problem was changing ‘flexible’ to ‘full’ in cloudflare ssl configuration, as explained here: