EE V4 Cloudflare Flexible SSL not working

nicolasbryne · December 14, 2018, 11:21am

Hello,
Does anyone tried wordpress site created using ee4 docker and add cloudflare Flexible SSL(free) to your website.
I got problems add SSL to my site.
When I activate Flexible SSL, browser says connection refused.

Help

msarhan · December 14, 2018, 1:13pm

You should just request a wildcard certificate for your domain and use CF Full SSL

nicolasbryne · December 14, 2018, 5:55pm

Yes. It is now working with CF Full (strict) by using LE on my server.

But I want to add Flexible SSL which will request our server on port 80. (because this is simple)
I don’t want to create self-sign cert or LE cert. I simply want to add CF SSL.
But adding Flexible SSL not working.
When I add Flexible SSL and access from browser at https://… , it says refuse to connect to server.
I don’t know why.

May be docker config problem or nginx-proxy conf problem created by EE v4.
So I want to know any workaround that you have tried.
Actually, it should work because there is no special step to connect to port 80 normally.

Thanks for ur time.

paramdeo · December 24, 2018, 3:45pm

Hey there,

If you really prefer to use HTTP on your server for simplicity that’s fine. But the Flexible SSL doesn’t always work right away because WordPress has to be configured to terminate SSL connections, otherwise it’ll send the request back.

First, ensure your WordPress URL is set to http and NOT https since technically your server isn’t listening on port 443 and you’ll get the connection refused error.

Next, add the following lines to your wp-config.php file located at /opt/easyengine/sites/yoursite.com/app/wp-config.php

if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
        $_SERVER['HTTPS']='on';

Add those lines after the section that contains your Authentication Keys and Salts.

That directive will check for the X-Forwarded-Proto header and allow WordPress to gracefully handle the HTTPS scheme. I haven’t done this in a long time, as it’s a last resort but let me know if you get through.

Remember to enable the following in Cloudflare:

Always use HTTPS

You shouldn’t get mixed content errors but if you do, you’ll have to considers switching to HTTPS. Good luck.

kirtan · December 25, 2018, 7:12am

paramdeo:

Next, add the following lines to your wp-config.php file located at /opt/easyengine/sites/yoursite.com/app/wp-config.php
if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
        $_SERVER['HTTPS']='on';

Actually this step is not needed as EE4 adds this block by default in all WP sites it creates

aka20 · December 30, 2018, 4:34pm

Do you enabled HSTS on CloudFlare and Nginx configuration?

timl · January 15, 2019, 11:55pm

Thanks Kirtan! this helped me fixed a redirect loop in a php (Joomla) site install!

system · December 22, 2020, 8:41am