RunCloud Team
If you are using Cloudflare proxy to hide your server’s IP address from the internet, then you might encounter a glitch that causes visitors to get stuck in a redirection loop.
Eventually, the request times out with an error message saying, “Too many redirects”.
In this article, we will investigate why websites might get stuck in a redirection loop and how you can prevent this.
Let’s get started!
Why Does This Happen?
If you’re using Cloudflare to serve visitors, you’ll probably be using Cloudflare’s TLS certificate to securely transmit these web requests. When you’re using the Flexible SSL option, Cloudflare will connect to your site over an HTTP connection, and forward the response to visitors over an HTTPS connection.
The Nginx or Apache2 server on your machine sees these requests before they are processed by WordPress. WordPress processes these requests over HTTP protocol – which causes your site to show a mixed content warning. This is where some content of your site is served over HTTP, whilst other content is transmitted over a secure connection.
If you try to address this issue by manually updating URLs from HTTP to HTTPS, then you might get stuck in a redirection loop.
This happens because when you configure your site to serve content over HTTPS, it will only serve it over HTTPS. If a user makes an insecure request, the server asks them to make a new request with an HTTPS connection. Usually this isn’t a problem, but if you have misconfigured your servers, an error will occur.
If Cloudflare servers make an insecure request to your site, and you redirect that back to another Cloudflare server, then it will cause an infinite loop. Each server will keep asking the other one to serve the request, until the maximum number of requests are reached.
How To Fix This Issue?
There are a few ways to fix this problem. Here are some of the easier ways to resolve the redirect loop problem.
Using Cloudflare Page Rule
One of the simpler ways to fix this problem is by updating the settings on your Cloudflare dashboard.
You can configure Cloudflare’s redirect rules with status code 301 to indicate that the webpage has moved over permanently.
In your Cloudflare dashboard, open the domain that you want to configure and look for the Redirect Rules section inside the Page Rules submenu. Then create a forwarding rule to tell Cloudflare to forward HTTP requests to HTTPS.
For example, if your WordPress address is https://blog.runcloud.io, Create a rule for http://blog.runcloud.io/ and use the Full URL setting with 301 redirect.
Updating CloudFlare TLS settings
To make sure that you don’t get stuck in redirection loops, use either the Full or Full (Strict) setting so that all the web requests are only made using the HTTPS connection.
Using SSL Certificate In RunCloud
If you are using RunCloud to manage your servers, you can easily configure TLS certificates for all your domains. Simply go to the domain section of your web-app and click the Configure SSL/TLS button for the domain that you want to secure.
Once you click the option, you’ll be asked to choose whether you want to use Let’s Encrypt or a different SSL provider, if you’re not sure about this, use Let’s Encrypt as it is free – and just as secure as other providers.
After that, you can configure how you want to verify the ownership of your domain, and what kind of certificate you want. Unless you need something specific, you can leave these settings to the default values.
And finally, you need to specify what happens when someone tries to access your domain over insecure connections. We recommend using the HSTS option which asks all users to only use secure connections for all web requests. However, you should know that once you enable this option, you will not be able to serve any content over HTTP connections.
After Action Report
The “too many redirects” error on Cloudflare can be frustrating, but it can be easily fixed by updating the misconfigured settings on your server. By following the steps outlined in this article, you’ll be able to update your website’s settings, and adjust your SSL certificates.
If you’re still struggling to resolve the issue, you should consider switching to a more user-friendly server management platform like RunCloud. With RunCloud, you can easily manage your server and issue SSL certificates in just a few clicks, making it a great choice for WordPress users who want a hassle-free solution.
If you feel that having a painless server configuration so you don’t need to spend hours figuring it out sounds like a good idea (and who doesn’t?) – get started with RunCloud today, and get up and running in minutes.
Categories: Security, Tips & Tricks, Tutorials
Using the Cloudflare origin certificate does not seem to work as you described here. After installing the certificate through the Runcloud interface, the website shows a “certificate cannot be trusted” warning.
Please don’t forget to activate your CloudFlare SSL, if you are not activating CloudFlare SSL you will see the warning page.
I just did the Origin Certificate with ‘Full (Strict)’ and works.
Thanks, great guide!
Running into a similar issue when using the Amazon lightsail nodebalancer the SSL certs are installed on the load balancer as we are using this for a HA setup.
Would really love to know if there is a solution as this may mean us not using runcloud to manage our HA apps
thank you… really help me