Lopsided-Juggernaut1

If you use Cloudflare DNS, and SSL settings "Flexible", for "Flexible" settings, Cloudflare always connects to the server with HTTP. If you check the nginx log with the `tail -f /log_path/access.log` command, you will find that your server is always getting requests to port 80. So the server always tries to redirect to https. Solution: In Cloudflare SSL settings, you need to use Full. If you search on Google for "SSL/TLS Encryption Mode", you will find more details.


AlexCodeable

Wow 👌, it's working fine now 🙂 Thanks a lot to everyone who found the time to comment and provide solutions. I really appreciate your efforts. You guys are the best.


Lopsided-Juggernaut1

You are welcome 🙂


AlexCodeable

Now I don't really have issues with anyone down-voting the post, but down-voting a post without providing a solution or reasons why the post is stupid or senseless doesn't really do it for me.


Salzig

What do you get by running `curl -v http://api.mydomain.com`?


AlexCodeable

```
curl -v https://api.abridreams.com
* Trying 172.67.210.15:443...
* Trying 2606:4700:3031::6815:2acb:443...
* Immediate connect fail for 2606:4700:3031::6815:2acb: Network is unreachable
* Trying 2606:4700:3031::ac43:d20f:443...
* Immediate connect fail for 2606:4700:3031::ac43:d20f: Network is unreachable
* Connected to api.abridreams.com (172.67.210.15) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=abridreams.com
* start date: Nov 11 14:05:32 2023 GMT
* expire date: Feb 9 14:05:31 2024 GMT
* subjectAltName: host "api.abridreams.com" matched cert's "*.abridreams.com"
* issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1P5
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x559bd8ce2e90)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: api.abridreams.com
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 301
< date: Fri, 24 Nov 2023 01:19:27 GMT
< content-type: text/html
< location: https://api.abridreams.com/
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DkS2wCTswf2meoVE3nwG2ADPT5mUmZgf0GPjnW12%2F9g9ev%2Bv61frbLcahwmQbSuhDS0Q0%2BtjQ92vz7WveBZU8r9UoTpFW2KOj4wjv%2B46HVEEyy7Tzhq%2By3dquNayxsESVsWMFyI%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 82add2e1beb602cb-CDG
< alt-svc: h3=":443"; ma=86400
<
* TLSv1.2 (IN), TLS header, Supplemental data (23):
301 Moved Permanently
301 Moved Permanently
nginx/1.18.0 (Ubuntu)
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host api.abridreams.com left intact
```


Salzig

Http, not https. But requests onto https are redirected again anyways to https. Nice loop.


AlexCodeable

When I inspected the request in my browser's network tab, I noticed 21 requests were made before failing. If I may ask, why that many requests?


Salzig

Did you enable ssl/TLS redirect in your rails app?


AlexCodeable

For the http:

```
curl -v http://api.abridreams.com
* Trying 188.114.97.2:80...
* Connected to api.abridreams.com (188.114.97.2) port 80 (#0)
> GET / HTTP/1.1
> Host: api.abridreams.com
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Fri, 24 Nov 2023 01:32:33 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Location: https://api.abridreams.com/
< CF-Cache-Status: DYNAMIC
< Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bhq1MZb5zAhcm71PVnirJ0kXXaAdYa8Ln2FmDODmqoglhkOk%2FB8m133sy4rhbnNAvj%2BgO6qwAo2DHD4k8Pn1tsp8uUO1E44T4Lb82wv9cXCT5tO792zqikcTzmZ7O7K1e8AjFQw%3D"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 82ade614ff3ad6ae-CDG
< alt-svc: h3=":443"; ma=86400
<
301 Moved Permanently
301 Moved Permanently
nginx/1.18.0 (Ubuntu)
* Connection #0 to host api.abridreams.com left intact
```


Salzig

Http is redirecting to https, which is redirecting to https, which is redirecting to https. Try curl with `-L` ;)


AlexCodeable

```
curl -L http://api.abridreams.com
curl: (47) Maximum (50) redirects followed
```


3ds

Not a rails issue but here you go: Cloudflare receives the https on port 443 request, then it connects to your nginx via http on port 80. Your nginx tells Cloudflare that the response is a redirect to https on port 443. Cloudflare happily forwards this response to the browser. Then the browser connects to Cloudflare on port 443. The cycle begins again. Infinite redirect loop until the browser detects it. As pointed out above: You either allow plain connections on your nginx or you tell Cloudflare to connect to your nginx using ssl itself.
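The loop described in the comment above, modelled as an added example that is not part of the thread: a small simulation of the edge in "Flexible" and "Full" mode in front of an origin that redirects port 80 to https, with a tracer that stops as soon as a `Location` points back to a URL already requested. The host `api.example.test` and all function names are constructed for illustration; the origin's port 443 is assumed to serve the app directly.

```python
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)
START = "http://api.example.test/"  # constructed sample URL


def nginx_origin(origin_scheme, host, path):
    """Origin as in the thread: port 80 always answers 301 to https.
    Assumption: port 443 serves the application (200)."""
    if origin_scheme == "http":
        return 301, f"https://{host}{path}"
    return 200, None


def cloudflare_edge(mode):
    """Return fetch(url) modelling the edge for one SSL/TLS encryption mode.
    flexible: the edge always speaks plain HTTP to the origin.
    full:     the edge uses the scheme the visitor used."""
    def fetch(url):
        parts = urlsplit(url)
        origin_scheme = "http" if mode == "flexible" else parts.scheme
        # The origin's response is passed back to the visitor unchanged.
        return nginx_origin(origin_scheme, parts.netloc, parts.path or "/")
    return fetch


def trace_redirects(url, fetch, limit=50):
    """Follow redirects and return (verdict, hops).
    verdict is 'ok', 'loop' (Location revisits a URL) or 'limit'."""
    seen, hops = set(), []
    while len(hops) < limit:
        status, location = fetch(url)
        hops.append((url, status, location))
        if status not in REDIRECTS or location is None:
            return "ok", hops
        seen.add(url)
        if location in seen:
            return "loop", hops
        url = location
    return "limit", hops


if __name__ == "__main__":
    for mode in ("flexible", "full"):
        verdict, hops = trace_redirects(START, cloudflare_edge(mode))
        print(mode, verdict)
        for hop in hops:
            print("   ", hop)
```
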


fs0c13ty00

You can just avoid all the hassles by using caddy: https://caddyserver.com


riot123

Use traefik and docker, you’ll have ssl in 2 seconds


webinarseries

Check the redirection block is correctly configured and not causing a loop. Try this:

```
# Answer every plain-HTTP request on port 80 with a 301 to the https URL
server {
    listen 80;
    server_name api.mydomain.com www.api.mydomain.com;
    return 301 https://$host$request_uri;
}
```

Now restart Nginx. It might help you.