Can't disable redirect from http to https

I want to disable http to https redirect to put the website behind Cloudflare.

As soon as my website gets active on Cloudflare I have an error “The page isn’t redirecting properly”, because Cloudflare expects HTTP traffic.

In my /etc/nginx/nginx.conf I have an http block. Within the block I have only these SSL settings:

#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE|
ssl_prefer_server_ciphers off;

I commented out the first line and changed ciphers from on to off. That didn’t help me. I have no more HTTPS-related settings in this file.

My next try was to remove ssl.conf file:
rm /etc/nginx/sites-available/www.<my_domain_name>-ssl.conf

As a result I couldn’t access my website at all. “Safari can’t establish a secure connection”. Also, in the address bar I specifically stated to serve http version and it kept redirecting me to https.

I read this tutorial and this one with nginx.conf file modification, but they look nothing like my file, which is quite empty.

However, /etc/nginx/sites-available/www.<my_domain_name>-ssl.conf looks similar:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name www.<my_domain_name>;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    ssl_certificate /etc/letsencrypt/www.<my_domain_name>/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/www.<my_domain_name>/www.<my_domain_name>.key;
    include /etc/nginx/snippets/ssl-params.conf;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;
        
    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 1g;
}

And here is /etc/nginx/sites-available/www.<my_domain_name>.conf :

server {
    listen 80;
    listen [::]:80;

    server_name www.<my_domain_name>;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;
        
    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

What modifications should I do to remove the https redirect?

So when I would type the command:
curl -ksvo /dev/null http://www.<my_domain_name> --connect-to ::<my_IP> 2>&1 | egrep -i "< location|< http"

I could receive:
< HTTP/1.1 200 OK

This is unnecessary; you want to have all traffic over https, even behind Cloudflare.

In fact, you don’t have a redirect setup. Rather, you have a http and https server.

Unlink the …-ssl.conf file in sites-enabled, and amend the other config file so it looks something like this. Note: I don’t use Let’s Encrypt with Cloudflare, but use authenticated origin pulls, and their free certificates.

server {
    listen 80;
    listen [::]:80;

    server_name …;
    return 301 https://…$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name …;

    access_log /var/log/nginx/…-acces.log;
    error_log /var/log/nginx/…-error.log;

    ssl_certificate /etc/ssl/certs/…-cert.pem;
    ssl_certificate_key /etc/ssl/private/…-key.pem;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options SAMEORIGIN always;
        add_header X-XSS-Protection "1; mode=block" always;
    }

    client_max_body_size 50m;
}

Once you’ve made the changes, test with nginx -t, then reload Nginx. Test with Cloudflare in development mode first. You may need to clear your browser cache to remove unwanted redirects.

1 Like

@mjw Thank you for a quick response! However, it didn’t work :pensive:

I did what you have suggested and tested afterwards:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Then I reloaded Nginx:

/etc/init.d/nginx reload
Reloading nginx configuration (via systemctl): nginx.service.

Finally, I enabled the “Development Mode” and as soon as my website got active behind Cloudflare I have got the same “Too many redirects” error.

Server got up after I removed Cloudflare nameservers.

Can you try using a different browser or private window? Do you still get the redirects? And, make sure to clear browser history and any cookies for the domain.

Furthermore, please confirm if Ghost is set up for www or the bare domain.

If this fails to work, adjust Cloudflare settings for SSL/TLS to be more flexible.

@mjw, I tried Safari and Firefox with cleaned cookies. Also, I tried incognito on both of them. The result is the same. Moreover, hyperping.io bot told me the website is down as soon as it has got behind Cloudflare.

When I type ghost ls I have a name and URL fields with “www”. If that’s what you mean.

I think the settings are as flexible as they can be, here is the screenshot:

I have had good success with Cloudflare set to “full”, which prevents the ghost server from trying to redirect http requests to https.

2 Likes

Thank you, it worked!

Also, I’m grateful to @mjw for the detailed replies and help with Nginx config.

2 Likes