Trying to understand what is happening with this domain!


#1

This morning I bought the domain orng.social to host our Mastodon instance. Mastodon works just fine inside a Docker container and all the web duties are done by my trusty nginx.

I have set up hundreds of redirects in nginx to redirect a site from http to https. Here, I’m unable to do that. My redirect fails, Cloudflare’s Use https page rule fails, Cloudflare’s redirect to https://orng.social also fails.

What I get instead is a 57 byte stream (I have no clue where it is coming from as it’s definitely not my server pushing that).

Now, if anyone visits the site by just entering orng.social in their browser, they’re offered a file download. If someone explicitly enters http://orng.social, they are again offered a file download.
If someone enters https://orng.social, our HSTS comes into play and forces the domain to redirect to https every time, so you will have to use incognito to do it again and the same story repeats.

Does anyone have any explanation about what may be happening? In the meantime I’ve contacted my data center and domain registrar to seek an answer from their side as well.


(Lal Salaam) #2

Never used Cloudflare so no idea about this part.
But I use Nginx for my Django sites.

I was stuck with a similar situation for one of my sites, where typing example.com took me to the https version and the www version also went to https, but typing https://example.com did not redirect to the www version.
Tried everything and failed.

Check your nginx location redirect. Sometimes a small typo can be the cause of the failure.

Finally I could not solve it and my GoDaddy SSL certificate expired.
Installed Let’s Encrypt and it rewrote the rules and everything was solved.

You are using Let’s Encrypt, so let it write the rules and check.


(Saksham Kumar) #3

About this, the test site which you have provided is doing the same thing!! Clicking on View Site option downloads a file every time. I don’t know why this is happening though. :thinking:


(अभिषेक वर्मा) #4

The same thing happened with me many times.


#5

The rules are 100% letsencrypt rules (I have an understanding of what it does but still I let it configure rules)

The thing is that it isn’t responding to Port 80 whereas port 443 works just fine!

Looks like I need to contact the server providers! Something is not right on their side.


#6

Sorry for the delayed response. I wish I could have helped earlier.

At the time of replying, I couldn’t repro the described issue. From what I see currently, Cloudflare NS is not active for your domain.



#7

Issue is still reproducible. Try opening incognito and visiting blog.orng.social or orng.social or eddy.orng.co without https and you’ll know what I’m talking about!

Try with something other than Jio though!


#8

I have Jio only. At the moment, your domain connects to some IP starting with 195.154…
Seems the issue is not related to Cloudflare but may be something else.


#9

That’s correct though! Can you come on TeamViewer or AnyDesk? I need to test a few response codes.

I know it’s not Cloudflare but it is something that is so much more elusive that even Cloudflare can’t modify the response being sent from either the root registry or the server itself.


#10

Sure… no problem.

BTW, I checked at Pingdom too. It shows error.


#11

That is why I’m sure that there is something funny going on!

Looks like IPv6 gets a proper response but not IPv4, or maybe I’m wrong and Jio is just offering a webcache version.


#12

I just hope it first gets fixed at the origin.


#13

Have contacted the server provider. Let’s see what they have to say!


(Mr. Potter) #14

I tried to open it from my phone, in Safari private mode. It’s unreachable.


#15

So 24 hours later, it’s finally fixed.

@Saksham Your problem should be fixed as well.

And as a warning to all of you: never use http/2 on your redirect block.

More detailed analysis:

I may have been high on weed or something when I wrote that config block, but I had made my config this:

server {

        return 301 https://$host$request_uri;

        listen 80 default_server http2;
        listen [::]:80 default_server http2;

        server_name .example.com;
}

That is what was injecting garbage values into the response.

For the redirect to work, this has to be an HTTP/1.1 type block, which means:

server {

        return 301 https://$host$request_uri;

        listen 80 default_server;
        listen [::]:80 default_server;

        server_name .example.com;
}

And that is how the problem was resolved.
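
An added example, not part of the original post: a small Python check that flags nginx `listen` directives carrying the `http2` parameter without `ssl`, the pattern post #15 identifies as the cause. The function name `find_cleartext_http2` and the `TLS_OK` sample are constructed for illustration; the other two samples reuse the blocks posted above.

```python
import re

# One `listen ...;` directive at a line start or right after `;`, `{` or `}`.
LISTEN_RE = re.compile(r"(?:^|(?<=[;{}]))\s*listen\s+([^;{}]+);", re.MULTILINE)

def find_cleartext_http2(conf):
    """Return (line_no, directive) for each listen with http2 but without ssl."""
    clean = re.sub(r"#[^\n]*", "", conf)  # drop comments, keep line breaks
    findings = []
    for m in LISTEN_RE.finditer(clean):
        params = m.group(1).split()
        if "http2" in params and "ssl" not in params:
            line_no = clean.count("\n", 0, m.start(1)) + 1
            findings.append((line_no, "listen " + " ".join(params) + ";"))
    return findings

# The two blocks from post #15 (listen lines as posted).
BROKEN = """server {
        return 301 https://$host$request_uri;
        listen 80 default_server http2;
        listen [::]:80 default_server http2;
        server_name .example.com;
}
"""
FIXED = BROKEN.replace(" http2;", ";")

# Constructed sample: http2 on a TLS listener, plus a commented-out line.
TLS_OK = """server {
        listen 443 ssl http2;
        # listen 80 http2;
        server_name .example.com;
}
"""

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED), ("tls", TLS_OK)):
        for line_no, directive in find_cleartext_http2(conf):
            print(f"{name}: line {line_no}: {directive}")
```

Running it over a concatenated dump of the live configuration (for example the output of `nginx -T`) covers every included file in one pass.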


#16

cc @gulshankumar Now the real deal, moving it to Cloudflare :stuck_out_tongue:


#17

This one might be helpful :stuck_out_tongue:
How to Setup Free Cloudfare CDN for Wordpress (Tutorial)


#18

That’s sadly Mastodon, not WordPress :stuck_out_tongue: