Get the most out of your Centmin Mod LEMP stack
Become a Member

Letsencrypt Cloudflare cloudflare http to https redirecting issue

Discussion in 'Domains, DNS, Email & SSL Certificates' started by emre22, Jan 22, 2017.

  1. emre22

    emre22 Member

    42
    5
    8
    Oct 15, 2016
    Ratings:
    +5
    Local Time:
    12:34 PM
    nginx-1.10.1
    MariaDB 10
    Hello,

    I am using cloudflare as dns, ssl = off, all kind of records are set up and working fine with non-ssl

    http://fs5.directupload.net/images/170122/4wnmqzpx.jpg

    I wanted to switch over to ssl, because I received a mail from google regarding this.

    I followed exactly this tutorial, I am using cmm beta, but when I try to reach my site with https://....net I am directly redirected to the non ssl site.
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,850
    6,904
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,394
    Local Time:
    9:34 PM
    Nginx 1.13.x
    MariaDB 5.5
    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

    Also what is output of these commands in ssh
    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    

    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    wrap output in CODE tags
     
    • Like Like x 1
  3. emre22

    emre22 Member

    42
    5
    8
    Oct 15, 2016
    Ratings:
    +5
    Local Time:
    12:34 PM
    nginx-1.10.1
    MariaDB 10
    Hey Eva,

    I did not create the domain new, I wanted to switch for an existing non-ssl domain to letsencrypt
     
    Last edited: Jan 22, 2017
  4. eva2000

    eva2000 Administrator Staff Member

    30,850
    6,904
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,394
    Local Time:
    9:34 PM
    Nginx 1.13.x
    MariaDB 5.5
    still need the existing domain's vhost contents to double check
     
    • Like Like x 1
  5. emre22

    emre22 Member

    42
    5
    8
    Oct 15, 2016
    Ratings:
    +5
    Local Time:
    12:34 PM
    nginx-1.10.1
    MariaDB 10
    Code:
    [root@cmm-beta ~]# curl -I https://domain.net/
    HTTP/1.1 301 Moved Permanently
    Date: Sun, 22 Jan 2017 13:31:15 GMT
    Connection: keep-alive
    Set-Cookie: __cfduid=d17d0fa31f2ff18a408aaf13439b684991485091875; expires=Mon, 22-Jan-18 13:31:15 GMT; path=/; domain=.domain.net; HttpOnly
    Location: http://domain.net/
    Server: cloudflare-nginx
    CF-RAY: 32535d7bda672bee-AMS
    
    Code:
    [root@cmm-beta ~]# curl -I https://www.domain.net/
    HTTP/1.1 301 Moved Permanently
    Date: Sun, 22 Jan 2017 13:34:13 GMT
    Connection: keep-alive
    Set-Cookie: __cfduid=d831c5434e9a71252aa4357c42b51aeac1485092053; expires=Mon, 22-Jan-18 13:34:13 GMT; path=/; domain=.domain.net; HttpOnly
    Location: http://www.domain.net/
    Server: cloudflare-nginx
    CF-RAY: 325361d6590c2bd0-AMS
    
    Code:
    [root@cmm-beta ~]# curl -I http://domain.net/
    HTTP/1.1 200 OK
    Date: Sun, 22 Jan 2017 13:32:36 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Set-Cookie: __cfduid=d04097d0d5202ca370476c84aab4ec5e31485091956; expires=Mon, 22-Jan-18 13:32:36 GMT; path=/; domain=.domain.net; HttpOnly
    Vary: Accept-Encoding
    X-Powered-By: centminmod
    X-Page-Speed: 1.12.34.2-0
    Cache-Control: max-age=0, no-cache
    Server: cloudflare-nginx
    CF-RAY: 32535f7707862ba6-AMS
    
    Code:
    [root@cmm-beta ~]# curl -I http://www.domain.net/
    HTTP/1.1 301 Moved Permanently
    Date: Sun, 22 Jan 2017 13:33:10 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Set-Cookie: __cfduid=d605e78cd1847a9de2313ce889c3f1d0f1485091990; expires=Mon, 22-Jan-18 13:33:10 GMT; path=/; domain=.domain.net; HttpOnly
    Location: http://domain.net/
    X-Powered-By: centminmod
    X-Page-Speed: 1.12.34.2-0
    Cache-Control: max-age=0, no-cache
    Server: cloudflare-nginx
    CF-RAY: 3253604aa40c2c42-AMS
    
     
  6. emre22

    emre22 Member

    42
    5
    8
    Oct 15, 2016
    Ratings:
    +5
    Local Time:
    12:34 PM
    nginx-1.10.1
    MariaDB 10
    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name existing-domain-conf.net www.existing-domain-conf.net;
    #            return 301 $scheme://www.existing-domain-conf.net$request_uri;
    #       }
    
    server {
     
      server_name existing-domain-conf.net www.existing-domain-conf.net;
    
    # ngx_pagespeed & ngx_pagespeed handler
    include /usr/local/nginx/conf/pagespeed.conf;
    include /usr/local/nginx/conf/pagespeedhandler.conf;
    include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/existing-domain-conf.net/log/access.log main_ext buffer=256k flush=60m;
      error_log /home/nginx/domains/existing-domain-conf.net/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/existing-domain-conf.net/autoprotect-existing-domain-conf.net.conf;
      root /home/nginx/domains/existing-domain-conf.net/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      # include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      include /usr/local/nginx/conf/wpincludes/existing-domain-conf.net/wpcacheenabler_existing-domain-conf.net.conf;
      #include /usr/local/nginx/conf/wpincludes/existing-domain-conf.net/wpsupercache_existing-domain-conf.net.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/wpincludes/existing-domain-conf.net/rediscache_existing-domain-conf.net.conf; 
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
     
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # for wordpress super cache plugin
      #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;   
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      #try_files $uri $uri/ /index.php?$args;
    
      }
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
      include /usr/local/nginx/conf/wpincludes/existing-domain-conf.net/wpsecure_existing-domain-conf.net.conf;
      include /usr/local/nginx/conf/php-wpsc.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # server {
    #   server_name existing-domain-conf-ssl.net www.existing-domain-conf-ssl.net;
    #    return 302 https://existing-domain-conf-ssl.net$request_uri;
    # }
    
    server {
      listen 443 ssl http2;
      server_name existing-domain-conf-ssl.net www.existing-domain-conf-ssl.net;
    
      include /usr/local/nginx/conf/ssl/existing-domain-conf-ssl.net/existing-domain-conf-ssl.net.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # dual cert supported ssl ciphers
      ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
      # enable ocsp stapling
       resolver 8.8.8.8 8.8.4.4 valid=10m;
       resolver_timeout 10s;
       ssl_stapling on;
       ssl_stapling_verify on;
    
     # ngx_pagespeed & ngx_pagespeed handler
     include /usr/local/nginx/conf/pagespeed.conf;
     include /usr/local/nginx/conf/pagespeedhandler.conf;
     include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/existing-domain-conf-ssl.net/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/existing-domain-conf-ssl.net/log/error.log;
    
      root /home/nginx/domains/existing-domain-conf-ssl.net/public;
     
        include /usr/local/nginx/conf/wpincludes/existing-domain-conf-ssl.net/wpcacheenabler_existing-domain-conf-ssl.net.conf;
        
    
      location / {
        # Wordpress Permalinks
        try_files $uri $uri/ /wordpress/index.php?q=$request_uri;   
    
        include /usr/local/nginx/conf/wpsecure.conf;
        include /usr/local/nginx/conf/wpnocache.conf;
        # for wp cache enabler plugin
        #try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
        
        
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,850
    6,904
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,394
    Local Time:
    9:34 PM
    Nginx 1.13.x
    MariaDB 5.5
    indeed for https version there's a 301 permanent redirect if you look at Location it's going to non-https version !
    Code (Text):
    Location: http://www.domain.net/
    

    nothing in both your vhosts suggest a 301 redirect from what i can see, so cloudflare might be doing it ? maybe when you set https = off in cloudflare ?
    seems cloudflare ssl off will 301 redirect to http version !

    so only way is either disable cloudflare cache and use as dns only = Cloudflare DNS Only Configuration

    or use cloudflare's ssl in front and set ssl to Full SSL or FULL SSL (strict) so cloudflare talks to your site's https letsencrypt ssl site

     
    • Like Like x 1
  8. emre22

    emre22 Member

    42
    5
    8
    Oct 15, 2016
    Ratings:
    +5
    Local Time:
    12:34 PM
    nginx-1.10.1
    MariaDB 10
    well cloudflare ssl was off all the time, I switched it now to full strict ssl and my website looks strange somehow. I sent you the url
     
  9. eva2000

    eva2000 Administrator Staff Member

    30,850
    6,904
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,394
    Local Time:
    9:34 PM
    Nginx 1.13.x
    MariaDB 5.5
    • Like Like x 1
  10. emre22

    emre22 Member

    42
    5
    8
    Oct 15, 2016
    Ratings:
    +5
    Local Time:
    12:34 PM
    nginx-1.10.1
    MariaDB 10
    Okay, putting a pagerule under cloudflare & Automatic HTTPS Rewrites option fixed it all. Thank you so much eva :)
     
    • Like Like x 2
  11. eva2000

    eva2000 Administrator Staff Member

    30,850
    6,904
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,394
    Local Time:
    9:34 PM
    Nginx 1.13.x
    MariaDB 5.5
    excellent :D