
Why do I have to change from Flexible to Full to solve my "too many redirects" problem with Cloudflare?


I just set up a new website.

After setting up everything (SSL with LetsEncrypt), there is a too many redirects problem.

It took me hours to figure out that I can just solve it by switching from Flexible to Full in my Cloudflare settings. But why? Can somebody explain the details to me?


Nginx conf:

server {
    server_name mysite.com;

    root /root/mysite;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = mysite.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name mysite.com;
    listen 80;
    return 404; # managed by Certbot
}

Solution

  • When the setup is configured in Flexible mode, it means that the connection follows this configuration:

    • Between the end user and Cloudflare, HTTPS is used
    • Between Cloudflare and your origin server, HTTP is used

    This can be useful if the origin does not support HTTPS, but you still want end users to connect securely to Cloudflare. The recommendation is to always have end to end TLS enabled with fully valid certificates.

    If your origin is configured to redirect HTTP requests to HTTPS, then we enter into a loop, since the redirected HTTPS request goes back to Cloudflare, then Cloudflare makes an HTTP request to the origin ... and back to where it started!

    In your case you seem to have a fully valid Let's Encrypt certificate on your origin server, so you should use Full (Strict). More information is also available here
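
The loop described in the answer, as an added example that is not part of the original post: a small offline model of the edge and of the two nginx server blocks from the question. The function names, the `MAX_REDIRECTS` limit and the rule that Full mode reuses the visitor's scheme toward the origin are assumptions of this sketch; certificate validation (the difference between Full and Full (Strict)) is not modelled.

```python
"""Constructed model of the Flexible-mode redirect loop; no network access."""
from urllib.parse import urlsplit

MAX_REDIRECTS = 20  # assumed client-side cap on followed redirects


def origin(scheme, host, path):
    """Mimics the two nginx server blocks from the question."""
    if scheme == "http":
        # listen 80 block: return 301 https://$host$request_uri;
        return 301, f"https://{host}{path}"
    # listen 443 ssl block: content is served directly
    return 200, None


def edge(mode, url):
    """Hypothetical edge proxy: chooses the scheme used toward the origin."""
    parts = urlsplit(url)
    if mode == "flexible":
        upstream = "http"        # always plain HTTP to the origin
    elif mode in ("full", "strict"):
        upstream = parts.scheme  # assumed: same scheme the visitor used
    else:
        raise ValueError(f"unknown mode: {mode}")
    return origin(upstream, parts.hostname, parts.path or "/")


def fetch(mode, url):
    """Follow redirects like a browser; return (final_status, hops)."""
    hops = 0
    while hops <= MAX_REDIRECTS:
        status, location = edge(mode, url)
        if status != 301:
            return status, hops
        url, hops = location, hops + 1
    return "ERR_TOO_MANY_REDIRECTS", hops


if __name__ == "__main__":
    for mode in ("flexible", "full"):
        print(mode, fetch(mode, "https://mysite.com/"))
```

In Flexible mode the origin only ever sees port 80, so every response is the 301 and the visitor never reaches the 443 block; that is also why removing the redirect instead of changing the mode would leave the Cloudflare-to-origin hop unencrypted.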