Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Incident: redirect-loop on nodejs.org #1424

Closed
rvagg opened this issue Aug 1, 2018 · 0 comments
Closed

Incident: redirect-loop on nodejs.org #1424

rvagg opened this issue Aug 1, 2018 · 0 comments

Comments

@rvagg
Copy link
Member

rvagg commented Aug 1, 2018

For the record.

Today, at 5.08pm Pacific, @ljharb reported that nodejs.org was putting visitors into a redirect loop. This was caused by me changing a setting on Cloudflare to provide proxied https access to the new Ansible host described in #1390.

We have Cloudflare's SSL setting to "Full":

screen shot 2018-07-31 at 10 04 20 pm

The new server doesn't expose https and getting Cloudflare to expose proxied https for it when on "Full", the server needs to expose https to Cloudflare. I changed this to "Flexible" so that Cloudflare could talk to the server as http and expose https.

This had an unexpected impact on nodejs.org, and in hindsight I should have done a lot more testing on the impact of the setting change than I did. nodejs.org exposes http and https interfaces precisely how it expects Cloudflare to expose them to the public. http is only allowed for /dist/ (and a couple of other legacy paths—we keep on intending to turn this off and make it strict-https but that's another story) and it redirects to https if you request any other path. Something about this, combined with the "Flexible" setting seems to have set up a redirect loop. My guess is that in "Flexible", Cloudflare just goes for http by default, so it was getting the redirect which it passed on to visitors.

Thankfully this was only turned on for a short time before it was reported. I estimate 10 minutes but I don't have accurate records of when I made the change and I don't believe there's an audit trail.

@rvagg rvagg closed this as completed Aug 1, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant