You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Today, at 5.08pm Pacific, @ljharb reported that nodejs.org was putting visitors into a redirect loop. This was caused by me changing a setting on Cloudflare to provide proxied https access to the new Ansible host described in #1390.
We have Cloudflare's SSL setting to "Full":
The new server doesn't expose https and getting Cloudflare to expose proxied https for it when on "Full", the server needs to expose https to Cloudflare. I changed this to "Flexible" so that Cloudflare could talk to the server as http and expose https.
This had an unexpected impact on nodejs.org, and in hindsight I should have done a lot more testing on the impact of the setting change than I did. nodejs.org exposes http and https interfaces precisely how it expects Cloudflare to expose them to the public. http is only allowed for /dist/ (and a couple of other legacy paths—we keep on intending to turn this off and make it strict-https but that's another story) and it redirects to https if you request any other path. Something about this, combined with the "Flexible" setting seems to have set up a redirect loop. My guess is that in "Flexible", Cloudflare just goes for http by default, so it was getting the redirect which it passed on to visitors.
Thankfully this was only turned on for a short time before it was reported. I estimate 10 minutes but I don't have accurate records of when I made the change and I don't believe there's an audit trail.
The text was updated successfully, but these errors were encountered:
For the record.
Today, at 5.08pm Pacific, @ljharb reported that nodejs.org was putting visitors into a redirect loop. This was caused by me changing a setting on Cloudflare to provide proxied https access to the new Ansible host described in #1390.
We have Cloudflare's SSL setting to "Full":
The new server doesn't expose https and getting Cloudflare to expose proxied https for it when on "Full", the server needs to expose https to Cloudflare. I changed this to "Flexible" so that Cloudflare could talk to the server as http and expose https.
This had an unexpected impact on nodejs.org, and in hindsight I should have done a lot more testing on the impact of the setting change than I did. nodejs.org exposes http and https interfaces precisely how it expects Cloudflare to expose them to the public. http is only allowed for
/dist/
(and a couple of other legacy paths—we keep on intending to turn this off and make it strict-https but that's another story) and it redirects to https if you request any other path. Something about this, combined with the "Flexible" setting seems to have set up a redirect loop. My guess is that in "Flexible", Cloudflare just goes for http by default, so it was getting the redirect which it passed on to visitors.Thankfully this was only turned on for a short time before it was reported. I estimate 10 minutes but I don't have accurate records of when I made the change and I don't believe there's an audit trail.
The text was updated successfully, but these errors were encountered: