Resolving the ERR_TOO_MANY_REDIRECTS Error in Vercel + Cloudflare Deployment

This post discusses the "ERR_TOO_MANY_REDIRECTS" error encountered when deploying a website using Vercel and Cloudflare, along with its solutions.

When deploying this website, I used Vercel as the frontend hosting service and delegated domain resolution to Cloudflare. After completing the initial setup, I eagerly visited my website, only to be greeted by a browser error message: ERR_TOO_MANY_REDIRECTS.

I was very confused. I had simply bound the domain to Vercel and configured DNS resolution on Cloudflare without any complex settings—so why was there an issue with too many redirects? After researching online, I concluded that the problem arose because Cloudflare, in “Flexible” mode, communicates with Vercel over HTTP, while Vercel automatically redirects all HTTP requests to HTTPS, creating a redirect loop.

Understanding SSL/TLS Configuration

Cloudflare offers several SSL/TLS configuration modes, with the most common being “Flexible” and “Full.” The error I encountered was caused by improper SSL/TLS settings. Here are the key characteristics of these modes:

  • Flexible Mode: In this mode, the connection between Cloudflare and the client is secured via HTTPS (SSL encrypted), but the connection between Cloudflare and the origin server (e.g., Vercel) uses HTTP. This means the user’s request to Cloudflare is encrypted, but the traffic from Cloudflare to Vercel remains unencrypted.
  • Full Mode: Both the client-to-Cloudflare and Cloudflare-to-origin server connections use HTTPS, but Cloudflare does not verify whether the origin server’s SSL certificate is valid.
  • Full (Strict) Mode: Also uses HTTPS for all connections, but Cloudflare enforces validation of the origin server’s SSL certificate, ensuring it is trusted and properly issued.

By default, Cloudflare’s SSL/TLS setting may be set to “Flexible.” This means that when a client accesses the website via HTTPS, Cloudflare decrypts the request and forwards it to Vercel as HTTP. However, Vercel automatically redirects all HTTP requests back to HTTPS. This creates a loop: Vercel redirects to HTTPS, Cloudflare receives the HTTPS request and forwards it again, and the cycle repeats. The browser detects this excessive redirection and blocks it, displaying the ERR_TOO_MANY_REDIRECTS error.

To resolve this issue, the solution is to adjust Cloudflare’s SSL/TLS mode to either “Full” or “Full (Strict).” This ensures that Cloudflare communicates with Vercel over HTTPS, preventing the redirect loop.

In summary, when using Cloudflare with services like Vercel that enforce HTTPS, it’s crucial to configure SSL/TLS correctly to avoid unintended redirect loops. Switching from “Flexible” to “Full” or “Full (Strict)” mode ensures end-to-end encryption and a smooth browsing experience.

Cause of the Error

When Vercel receives an HTTP request, it returns a 308 status code, instructing the client to redirect the request to the HTTPS URL. HTTP 308 is a permanent redirect, meaning the client must use HTTPS for all subsequent requests.

When a client (i.e., the user’s browser) initially accesses https://brume.top via HTTPS, Cloudflare in Flexible mode forwards the request to Vercel as HTTP. Upon receiving the HTTP request, Vercel, following its default behavior, issues a 308 permanent redirect, forcing the request to be redirected to the HTTPS version of the same URL. Cloudflare then sends this HTTPS redirect back to the client, which is already on HTTPS, making the redirect effectively redundant. The browser repeatedly receives the same redirect instruction, creating a loop that eventually triggers the ERR_TOO_MANY_REDIRECTS error due to excessive redirects. Just as a reference, here is a diagram generated by ChatGPT illustrating the process:

[Image: diagram of the redirect loop]

Additionally, from a security perspective, this so-called “Flexible mode” may provide users with an HTTPS experience on the surface, but the communication between Cloudflare and the origin server remains unencrypted HTTP. This exposes the data to potential eavesdropping or tampering during transmission. Therefore, strictly speaking, “Flexible mode” is not a secure solution.

Solution

To resolve this issue, simply change Cloudflare’s SSL/TLS configuration from “Flexible” to “Full (Strict).” This ensures that Cloudflare communicates with Vercel exclusively over HTTPS, eliminating the redirect loop.
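The loop and the fix described above can be reproduced without any network traffic. The following is an added example, not part of the original post: a simplified in-process model in which the hostname `example.test`, the 20-hop client limit and all function names are assumptions, and the certificate validation that separates “Full” from “Full (Strict)” is not modelled.

```python
# Added example: in-process model of browser -> Cloudflare -> Vercel (no network).
from urllib.parse import urlsplit

MAX_REDIRECTS = 20                    # assumed client hop limit, for illustration
START_URL = "https://example.test/"   # constructed hostname


def origin(scheme, host, path):
    """Vercel-like origin: plain HTTP always gets a 308 to the HTTPS URL."""
    if scheme == "http":
        return 308, {"Location": f"https://{host}{path}"}
    return 200, {}


def edge(url, ssl_mode):
    """Cloudflare-like edge for an HTTPS visitor request (simplified model)."""
    if ssl_mode not in ("flexible", "full", "strict"):
        raise ValueError(f"unknown SSL/TLS mode: {ssl_mode}")
    parts = urlsplit(url)
    # Flexible: edge-to-origin leg is plain HTTP. Full / Full (Strict): HTTPS.
    upstream = "http" if ssl_mode == "flexible" else "https"
    # The origin's status and Location header go back to the visitor unchanged.
    return origin(upstream, parts.netloc, parts.path or "/")


def browse(url, ssl_mode):
    """Follow redirects as a browser would; return (outcome, hops)."""
    hops = []
    for _ in range(MAX_REDIRECTS):
        status, headers = edge(url, ssl_mode)
        hops.append((status, url))
        if status not in (301, 302, 307, 308):
            return "ok", hops
        url = headers["Location"]
    return "ERR_TOO_MANY_REDIRECTS", hops


def self_redirect(url, ssl_mode):
    """True when the response redirects to the URL that was just requested."""
    status, headers = edge(url, ssl_mode)
    return status == 308 and headers.get("Location") == url


if __name__ == "__main__":
    for mode in ("flexible", "full", "strict"):
        outcome, hops = browse(START_URL, mode)
        print(f"{mode:9} {outcome:24} hops={len(hops)}")
```

A 308 whose Location header equals the URL that was just requested is the signature to look for when diagnosing this misconfiguration on a real deployment.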

Licensed under CC BY-NC-SA 4.0