Discussion - Too many redirects with cloudflare CDN? | PlexGuide.com

Discussion Too many redirects with cloudflare CDN?

  • Stop using Chrome! Download the Brave Browser via >>> [Brave.com]
    It's a forked version of Chrome with native ad-blockers and Google's spyware stripped out! Download for Mac, Windows, Android, and Linux!
Welcome to the PlexGuide.com
Serving the Community since 2016!
Register Now

Edrock200

MVP
Original poster
Staff
Nov 17, 2019
545
195
Did something change recently with traefik? I deployed two new pg servers, in two different server farms, on two different continents. I have one domain, but made one entry as root and the other as sub. I.e. if my domain is domain.com, I made server one portainer.domain.com and domain 2 portainer.eu.domain.com. This deployed fine and passed all the checks. The odd issue is with cloudflare proxy (CDN) turned on I get a "Too many redirects" error on the web page. When I turn it off all works fine.

I saw another similar thread here from a while back but no solution. Does anyone know what might be causing this?
 

Edrock200

MVP
Original poster
Staff
Nov 17, 2019
545
195
NM. Figured it out. My page rule to rewrite http and bypass cache was set to https://*.mydomain.com/* instead of *.mydomain.com/*.
 

syebrexsr

Experienced+
Donor
Patron
May 22, 2020
113
24
Your right. I just checked and it did revert. But I turned auto https rewrite off in the rules. Maybe that's what did it.
I did go to page rules, and under the properties of each rule I see "Automatic HTTPS ReWrites" = ON but greyed out, is that how you see your settings as well?
 
Last edited:

Edrock200

MVP
Original poster
Staff
Nov 17, 2019
545
195
I did go to page rules, and under the properties of each rule I see "Automatic HTTPS ReWrites" = ON but greyed out, is that how you see your settings as well?
You probably have it on universally. Go to SSL settings/edge certs, see if always use https is on there. If so turn it off, then you can turn off on page rules.
 

syebrexsr

Experienced+
Donor
Patron
May 22, 2020
113
24
Oh..maybe that's why it's reverting to https in your rule. Try deleting the rule and recreating without the https://, then add your rules. Or deactivate this rule and make a new one.
ok - I will give it a go, thank you ! :)
Post automatically merged:

ok, one question; when I go to https://plexguide.com/wiki/traefik-cloudflare/ . There are instructions to setup page rules as follows.

"

Url Cache Level
https://plex.mydomain.com/* Bypass
https://emby.mydomain.com/* Bypass
https://jellyfin.mydomain.com/* Bypass
Alternatively, you can bypass the CF cache for everything using:

Url Cache Level
https://*.mydomain.com/* Bypass
"
This all being said; here are my settings, are they correct? omitted domain stuff. Those instructions say messing up on this could get you banned from Cloudflare.

1592949152796.png
 

Attachments

Last edited:

Edrock200

MVP
Original poster
Staff
Nov 17, 2019
545
195
There's three attachments. The one showing the three urls looks correct. You can do it by listing them individually but I would list it as https://*.your domain.com/*
That way any container you add will bypass cloudflare cache.

With regards to bans, it's that cache bypass rule that needs to be set, so as long as you set it as pictured or the wildcard method you will be fine.
 

syebrexsr

Experienced+
Donor
Patron
May 22, 2020
113
24
I don't know what happened, deleted, and recreated my page rules. Then tried to reset PG install, that was not working, and would explain that Curl had already been installed. So I decided to reinstall PG, but the latest beta. Fine that finished, I decided to check DNS and noticed that I am unable to ping mydomain.com, check Cloudflare DNS, and seen that I have an A record for my domain to my IP, so I don't know?? I also created an A record for www pointing to my IP. I am unable to ping by domain name but I am able to ping by IP. I have tried with the Hetzner firewall on and off, no go.

I think I scrambled something up, so I am going to reinstall my OS and see if I get DNS back.
 

Edrock200

MVP
Original poster
Staff
Nov 17, 2019
545
195
I don't know what happened, deleted, and recreated my page rules. Then tried to reset PG install, that was not working, and would explain that Curl had already been installed. So I decided to reinstall PG, but the latest beta. Fine that finished, I decided to check DNS and noticed that I am unable to ping mydomain.com, check Cloudflare DNS, and seen that I have an A record for my domain to my IP, so I don't know?? I also created an A record for www pointing to my IP. I am unable to ping by domain name but I am able to ping by IP. I have tried with the Hetzner firewall on and off, no go.

I think I scrambled something up, so I am going to reinstall my OS and see if I get DNS back.
The ability to ping your dns name won't have anything to do with pg. It doesn't create or alter dns records. So I would troubleshoot that first to see what's going on. Make sure your domain registrar has your name servers pointed to cloudflare to start.
 

syebrexsr

Experienced+
Donor
Patron
May 22, 2020
113
24
The ability to ping your dns name won't have anything to do with pg. It doesn't create or alter dns records. So I would troubleshoot that first to see what's going on. Make sure your domain registrar has your name servers pointed to cloudflare to start.
Looks like my domain needs to be paid as of yesterday; this is a separate issue. I will take care of that and get back on with it, thank you.
Post automatically merged:

ok, my domain is working now and it was user error.

I went to my IP and looked at what it said under the warning log.

Warning: Traefik deployed with ports open! Server at risk for explotation!
2. Traefik is Not Deployed Properly! Cannot Reach the Portainer SubDomain!
3. mydomain.net's rated limited exceed | Traefik (LetsEncrypt)! Takes upto one week to clear up (or use a new domain)
Post automatically merged:

Another thing to note is that I am able to reach my site by IP and port number, but my domain name and the port number still does not work. I am able to ping my domain and get the Cloudflare ip in response.
 
Last edited:

Edrock200

MVP
Original poster
Staff
Nov 17, 2019
545
195
Yeah you've been "let's encrypt" throttled unfortunately. Just need to wait it out. In the interim you can create the cloudflare cname entries to proxied, and set the SSL encryption to flexible in cloudflare SSL settings. It should allow your site to work until you can get the cert.
 

syebrexsr

Experienced+
Donor
Patron
May 22, 2020
113
24
Yeah you've been "let's encrypt" throttled unfortunately. Just need to wait it out. In the interim you can create the cloudflare cname entries to proxied, and set the SSL encryption to flexible in cloudflare SSL settings. It should allow your site to work until you can get the cert.
ok, I will give that a go :) .
Post automatically merged:

Yeah you've been "let's encrypt" throttled, unfortunately. just need to wait it out. In the interim you can create the cloudflare cname entries to proxied, and set the SSL encryption to flexible in cloudflare SSL settings. It should allow your site to work until you can get the cert.
ok, so now I can ping my domain, it replies back with the Cloudflare IP. I am still unable to go to mydomain.com:8555 I am able to use my IP address though. I know it isn't a firewall rule on my server or provider cpanel. So maybe something to do with Cloudflare :|
 
Last edited:

Edrock200

MVP
Original poster
Staff
Nov 17, 2019
545
195
You won't be able to do that. Free cloudflare only allows SSL 443 and http 80. You need to create a cname entry in cloudflare for your app, for example Sonarr, then point it to @, make it proxied. Assuming you have sonarr installed you can then just go to https://sonarr.yourdomain.com
 

syebrexsr

Experienced+
Donor
Patron
May 22, 2020
113
24
You won't be able to do that. Free cloudflare only allows SSL 443 and http 80. You need to create a cname entry in cloudflare for your app, for example Sonarr, then point it to @, make it proxied. Assuming you have sonarr installed you can then just go to https://sonarr.yourdomain.com
ok - so it was User error on my part; but practice makes perfect.

I have everything deployed.

Here is a question, setting up an indexer in radarr. When I setup Newznab as an indexer inside of Radarr, it ask for an API key. I don't know if I should use an API key from Cloudflare or my Google Oath 2.0 settings. What goes in the API key section, in regards to this?
Post automatically merged:

I think I found out that the API key for the indexers in Radarr is for connecting to the indexers and searching for content.
 
Last edited:

Edrock200

MVP
Original poster
Staff
Nov 17, 2019
545
195
ok - so it was User error on my part; but practice makes perfect.

I have everything deployed.

Here is a question, setting up an indexer in radarr. When I setup Newznab as an indexer inside of Radarr, it ask for an API key. I don't know if I should use an API key from Cloudflare or my Google Oath 2.0 settings. What goes in the API key section, in regards to this?
Post automatically merged:

I think I found out that the API key for the indexers in Radarr is for connecting to the indexers and searching for content.
Correct. It is the API key for your indexer, not Google or cloudflare. If you have pgclone,.pgshield and traefik deployed, your cloudflare and Google keys will not be used again.
Post automatically merged:

So after someone else ran into this, I checked some things and apparently you can put in *.domain.com/* in the page rules, but you have to have the right config for it to not auto change it to https. A friend was getting the too many redirect error. So I made his settings mirror minr and it worked. My settings are:

Cloudflare dashboard:

SSL/overview tab:

SSL - Full
Min tls - 1.2
Opp encryption - on
Tls 1.3 - on
Auto https rewrite - on
Cert monitoring - your choice

Page rules:
*.yourdomains.com/* (no https in front)
SSL - full
Cache level - bypass
Auto https rewrite - on
Origin cache control - off

With these settings everything works fine for him (and me) and the too many redirects or 525 errors went away.
Ed
 
Last edited:
  • Like
Reactions: 1 user

Recommend NewsGroups

      Up To a 58% Discount!

Trending