ERR_TOO_MANY_REDIRECTS when deploying Flutter Web app with a Cloudflare proxy

Questions / Help
1

Hey there! :wave:

I’m having some trouble setting up a Cloudflare proxy with Fly.io as the origin server. To make a long story short, I have our small app deployed at https://dwylapp.fly.dev/. However, when trying to create a proxy in Cloudflare (https://app.dwyl.com/), we are getting an ERR_TOO_MANY_REDIRECTS error in the browser.

This is quite weird because we have apps deployed to Fly.io that work fine with Cloudflare as a proxy (e.g. our auth app, which you will see in the screenshots below).

What we’ve tried

You can find a thread of our attempts of fixing this at Deploy `Flutter` App to Fly.io · Issue #312 · dwyl/app · GitHub.

But here’s a quick summary, in order:

  • used the IPv4 address from Fly.io and paste it into Cloudflare’s DNS config page. We’ve waited for these DNS records to update.

image
image1308×640 64.8 KB

image
image1244×603 109 KB

  • we’ve allocated a dedicated IPv4 to our Fly.io page and updated it on Cloudflare’s DNS page.
    Notice that the Shared v4 pill now displays only v4, meaning we’ve done this IPv4 allocation correctly.

image
image784×506 29.5 KB

image
image2714×1196 260 KB

  • we’ve tried changing the SSL/TLS encryption mode in Cloudflare’s dashboard from Flexible to Full. However, when we try to do this, instead of ERR_TOO_MANY_REDIRECTS error, we get an SSL handshake failed error. And unfortunately, when we do this, our working app auth that we’ve previously mentioned also stops working.

image
image1026×480 53.3 KB

image
image2682×2066 328 KB

And that’s what we’ve tried so far. We’ve gone over Cloudflare’s Troubleshooting Docs for this error and they state “it’s commonly caused by a misconfiguration in SSL/TLS Encryption mode” (which we’ve tried to change).

Have any of you ever faced this problem when deploying a Flutter Web App? It’s a simple Static Website that does not yet have any navigation, so it’s most likely a problem with Fly.io’s default configuration of the server. But we’re having some trouble finding what exactly.

Thank you very much for your time!

2

@LuchoTurtle consider reframing your question to focus on the more general issue:
subdomain routing to a static website hosted on Fly.io

  1. Deployed our Flutter Web App to Fly.io and it’s working: https://dwylapp.fly.dev :white_check_mark:
  2. We have deployed Phoenix Apps to Fly.io in the past and they have worked with a subdomain defined in Cloudflare e.g: https://hits.dwyl.com or https://auth.dwyl.com
  3. We have followed the steps that worked for us in the past to setup a subdomain on Cloudflare to point https://app.dwyl.com to https://dwylapp.fly.dev but are getting a Redirect error:

image
image1794×1064 139 KB

We don’t think this is a Cloudflare issue because the CNAME record is just:

cloudflare-cname
cloudflare-cname2930×1134 278 KB

Which is what the flyctl CLI recommended, see: Chore: investigate "redirected you too many times." error for `app.dwyl.com` · Issue #316 · dwyl/app · GitHub

So our question is: does anyone else in the Fly.io community/team have experience with configuring subdomains for static websites (which is all our Flutter Web App is …)?
Has anyone experienced this redirect issue before?

Thanks!

3

I’m not too familiar with Cloudflare, but:

lillian ~ % curl --head https://app.dwyl.com --resolve app.dwyl.com:443:149.248.196.139
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to app.dwyl.com:443

You don’t have a SSL certificate applied to your app, so our proxy can’t respond to HTTPS connections from Cloudflare.

lillian ~ % curl --head http://app.dwyl.com --resolve app.dwyl.com:80:149.248.196.139
HTTP/1.1 301 Moved Permanently
location: https://app.dwyl.com/

With force_https enabled in your fly.toml, it can’t respond to HTTP connections either. Your admin app doesn’t have force_https enabled, so Cloudflare is making plaintext connections to it.

I looked at your github thread, and you did try to create a TLS certificate for your domain on Fly. It didn’t work because our certificate manager checks the DNS records to see if your domain is set up correctly, and Cloudflare’s “proxied” records replace the values you set to point to their proxy.
If you do want to keep the Cloudflare proxy, I think you can use TXT record verification, but I’m not sure if we have that set up for single subdomains or only wildcards. I’ll check and let you know!

3 Likes
4

I’m facing the same issue as well. Previous apps work fine with Cloudflare. Hoping to know if there’s a solution to the issue.

1 Like