Nginx and Cloudflare: err_too_many_redirects - nginx

The error err_too_many_redirects appears in the browser enter image description here but nothing comes out in the nginx error log and I just registered the site in cloudflare. All traffic is redirected to HTTPS

This error generally occurs in Wordpress Sites which is due to a re-direct header sent by PHP.
So This is due to following reason:
You have enabled HTTPS redirect on your website either by ngin or php.
Cloudflare tries to open your site http://example.com and proxy it with https
When Cloudflare tries to open http://example.com, your site tells it to open https://example.com and cloudflare again tries to open http://example.com
This forms a redirect loop and due to which site could not open.
The best way to solve this is :
Disable HTTPS Redirect from your server side.
Enable Flexible SSL from Cloudflare
Enter a page rule on Cloudflare with input as http://*.example.com to Always use HTTPS

Related

How HTTP requests are Automatically being redirected to HTTPS?

I am using Cloudflare SSL on my WordPress site, but I don't know that how HTTP request are automatically redirecting to HTTPS. I have not set any redirects.
It's very likely that your CloudFlare site uses HSTS. See this blog post for details:
https://blog.cloudflare.com/enforce-web-policy-with-hypertext-strict-transport-security-hsts/

Redirect HTTP traffic to HTTPS for WordPress on IIS

I have a WordPress website on IIS. I have a SSL Certificate setup for the site and that is working fine when I navigate to the site via https.
The problem is, I can still navigate to the site via regular http and of course I don't get the security of the SSL certificate.
How can I divert all traffic to the site that comes through http to the https?
Is this done via the web.config? I've tried all sorts, but nothing worked for me.

WordPress + CloudFront Flexible SSL ends up in redirect loop (https)

Having problems accessing the admin over https when it's setup behind CloudFront Flexible SSL.
The admin works fine when accessing over http, but as soon as I change to secure https it ends up in a redirect loop.
I'm adding the following line to wp-config.php to force SSL in the admin.
define('FORCE_SSL_ADMIN', true);
This is due to the fact that CloudFlare's Flexible SSL operates as a reverse proxy and connects to the WordPress installation via http. Wordpress thinks you're connecting via http and does a redirect to the https resource. The browser requests the https resource from CloudFlare and CloudFlare again requests the resource over http from the WordPress server, resulting in another redirect.
Fortunately there's a solution. CloudFlare sends an http header X-FORWARDED-PROTO that is the protocol used in the connection from the browser to the CloudFlare server. We can use this to tell WordPress that even though the request is happening over http, the link to the browser is over https.
In the wp-config.php file add the following line:
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on';
It's also crucial that the above line comes before the following line:
require_once(ABSPATH . 'wp-settings.php');
After making that modification the redirect loop will stop and you'll be able to use the admin again.
This ultimately applies to all reverse proxy servers, not just CloudFlare.
In my case we getting this problem because I configure CloudFront origin incorrect.
cloudfront-> origin -> Origin Protocol Policy -> Match Viewer
after this setting my website working fine
in my case, another source of problems was (I know sounds silly) the DefaultRootObject.
I had this error on my CloudFront and WordPress and was the issue of my Too Many Redirects nightmare. I'm posting that because someone falls into the same stupid error like me.
Cheers

IIS. Use HTTPS binding only

I have a site on IIS and this site has two bindings: HTTP and HTTPS. I would like to remove HTTP binding and use HTTPS only. But in that case I must to enter site address llike this https://mysite.com. If I enter site address like this mysite.com I have an issue "HTTP Error 403.4 - Forbidden". Is it possible to configure IIS so I would have only one HTTPS binding and could to enter mysite.com address without setting https protocol?

invalid security certificate and domain names

I recently purchased a security certificate for a website valid for www.example.com but not for *.example.com (wildcard version - more expensive)
The problem i have now is that although users can type http://example.com , the secure version (ssl enabled pages) https://example.com raises the invalid certificate exception - which is totally understandable.
How can i redirect https traffic to the www.example.com version before the request actually hits the server? i tried url rewritting and redirects without any luck. any ideas ?
The website is built using ASP.NET and Hosted on an IIS 7 server.
Thanks!
Spend another few bucks for a (~$30 at Godaddy) for a cheap cert for the shorter domain example.com.
It seems unlikely that a significant number of users users are typing in https://example.com. If they are typing in an address they are probably using http:// or nothing. You should be able to setup 2 virtual hosts, one for http://example.com/, and one for http(s)://www.example.com. Redirect everything from example.com to www.example.com
SSL is negotiated first, so there isn't really anything you can do to redirect connections from https://example.com to https://www.example.com if https://example.com has an invalid certificate.

Resources