Say Hi

Cloudflare: Too Many Redirects Error when Proxying

2024-05-16

This happens when Cloudflare sends unencrypted HTTP proxy requests to the server and the server redirects them to HTTPS. To fix this, set the SSL/TLS encryption_mode to Full or Full (Strict) in the Cloudflare dashboard.

Cloudflare is a great service that can help you protect your website from DDoS attacks, speed up your website, and more. It is one of my favorite services not only for its security features but also for its speed and reliability.

  • A static website that is hosted on Cloudflare Pages
  • A Node.js API that is hosted on Railway

API calls are proxied through Cloudflare to the API server. To setup the proxy, I mapped a CNAME record from Cloudflare to the Railway server. The setup looks simple enough, however I started getting the Too Many Redirects error when trying to access the API.

The reason for this is that Cloudflare, by default, when proxying requests sends unencrypted HTTP requests to the server. Railway on the other hand is configured to redirect any HTTP requests to HTTPS. This creates a loop where Cloudflare sends an HTTP request, Railway redirects it to HTTPS, Cloudflare sends another HTTP request, and so on. This is a well-known issue and is documented in the Cloudflare documentation as well.

The Solution

The solution is to configure Cloudflare to send HTTPS requests to the server instead of HTTP. This can be done by setting the SSL/TLS encryption mode to Full or Full (Strict) in the Cloudflare dashboard.

  1. Go to the Cloudflare dashboard
  2. Select your domain
  3. Go to the SSL/TLS section
  4. Under the "Overview" tab, set the encryption mode to Full or Full (Strict)

Cloudflare SSL/TLS Settings

This will ensure that Cloudflare sends HTTPS requests to the server, and the server won't try to redirect them to HTTPS again, thus breaking the redirect loop.

What's the Difference Between Full and Full (Strict)?

  • Full: Cloudflare will encrypt traffic between the browser and Cloudflare, and between Cloudflare and the origin server. It accepts any certificate from the origin, including self-signed certificates.
  • Full (Strict): Similar to Full, but Cloudflare will only connect to the origin server if the origin presents a valid certificate.

For most cases, Full is sufficient. However, if you want to ensure that the connection between Cloudflare and your origin server is fully secured, use Full (Strict).

Conclusion

If you're facing the "Too Many Redirects" error when using Cloudflare with your application, check your SSL/TLS settings. The issue is often caused by a redirect loop between HTTP and HTTPS. Setting the encryption mode to Full or Full (Strict) can resolve this issue by ensuring that Cloudflare communicates with your origin server using HTTPS.

Back to all posts