I cannot for the life of me get HTTPS working on Digital Ocean / Discourse / CloudFlare

best-practices

#1

I’ve done this multiple times and I can stand up a discourse instance without https, so it’s becoming a bit frustrating for a “simple 30 minute install.” Part of this question is “how do I do this particular thing?” and the other part of the question is “what is this class of things called?” and “how can I learn more about these things?”

Namely:

  • Server administration
  • DNS and host records
  • SSL
  • Unix (?) ports
  • Protocols (HTTP / UDP / TCP / etc)

I feel like I’m always flailing around with little idea of what I’m doing. If anyone has any resources that cover these topics broadly so I can get a handle on what’s going on, I’d appreciate it!

Now, the topic at hand:

I’m getting the error message “The page isn’t redirecting properly” in Firefox and “discourse.briankung.xyz redirected you too many times.” in Chrome. The URL is discourse.briankung.xyz. I set it up with the standard Discourse installation instructions on Digital Ocean, with one caveat: that when I was trying to set up with the standard instructions, it balked when I provided a Let’s Encrypt email address. It said the site was accessible through port 80, but not port 443.

I am using CloudFlare’s DNS and have it set up to point discourse.briankung.xyz to my Digital Ocean’s IP address through an A record.

Any tips or hints would be greatly appreciated. Thank you!


#2

If I make a request to http://discourse.briankung.xyz, I get a response with 301 Moved Permanently and a header with the new location, Location: https://discourse.briankung.xyz/. This makes sense so far.

If I make a request to https://discourse.briankung.xyz/, I get a response with 301 Moved Permanently and a header with the new location, location: https://discourse.briankung.xyz/.

The second response does not make sense - the web page is redirecting to itself.

How have you set up that redirect?


#3

I haven’t personally set up that redirect, unless there’s something in Cloudflare that I’m not aware of - and I thought I had the http rewrites / etc. tuned in a reasonable manner. Otherwise it’s the Discourse application itself, which is a black box to me.

How can I figure out which (CloudFlare or Discourse) is causing the redirect? Thanks!


#4

I just encountered the exact same issue on my own site. :sweat_smile:

Make sure that your CloudFlare Crypto settings have SSL set to Strict, not Flexible.

The Flexible setting means that CloudFlare will listen on port 443 for encrypted connections, but then forward them to your own site on port 80 as unencrypted.

Strict means that CloudFlare will listen on port 443 for encrypted connections, then forward them to your own site, re-encrypted, on port 443.

With Flexible, your site (in this case, Discourse) will always think that it has an unencrypted connection, and will always redirect to HTTPS, even if your browser thinks it’s already HTTPS.
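
The redirect loop discussed in this thread, as an added example that is not part of any post and is not Cloudflare's or Discourse's code: a toy model of the browser, the CDN edge and an origin that forces HTTPS, run in both SSL modes. The hostname `forum.example`, the function names, and the assumption that Strict mode reuses the browser's scheme for the origin connection are all constructed for illustration.

```python
# Added illustration: a toy model of the browser -> CDN edge -> origin path.
# All names here are hypothetical; no real Cloudflare or Discourse API is used.
from urllib.parse import urlsplit

HOST = "forum.example"  # constructed hostname
MAX_REDIRECTS = 20      # browsers give up after a fixed number of hops


def origin(scheme_seen, path):
    """Origin with force-HTTPS on: it judges only the connection it receives."""
    if scheme_seen != "https":
        return 301, f"https://{HOST}{path}"
    return 200, None


def edge(url, ssl_mode):
    """CDN edge: terminates the browser connection, then opens one to the origin."""
    parts = urlsplit(url)
    if ssl_mode == "flexible":
        upstream = "http"        # edge -> origin is always plain HTTP on port 80
    elif ssl_mode == "strict":
        upstream = parts.scheme  # assumption: the edge keeps the browser's scheme
    else:
        raise ValueError(f"unknown ssl_mode: {ssl_mode}")
    return origin(upstream, parts.path or "/")


def browse(url, ssl_mode):
    """Follow redirects like a browser; return (outcome, hops)."""
    hops = []
    for _ in range(MAX_REDIRECTS):
        status, location = edge(url, ssl_mode)
        hops.append((url, status, location))
        if status != 301:
            return "ok", hops
        if location == url:      # the page redirects to itself
            return "self-redirect loop", hops
        url = location
    return "too many redirects", hops


if __name__ == "__main__":
    for mode in ("flexible", "strict"):
        outcome, hops = browse(f"http://{HOST}/", mode)
        print(mode, "->", outcome)
        for hop in hops:
            print("   ", *hop)
```

In the flexible run the second hop is an HTTPS URL answered with a 301 to the same HTTPS URL, which is the pattern reported in post #2.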