4

I have an app in google cloud run. I have connected my domain and added the cname: ghs.googlehosted.com.

my DNS and domain service is in cloud flare.

If the SSL is Full or Full strict I am getting Error 525. If the SSL in cloud flare is Off or Flexible I am getting ERR_TOO_MANY_REDIRECTS (I also see all the redirects in my logs).

Is it possible put google behind CF when google generates the certificate for my app (same domain)?

Thanks

EDIT Some more information:
Google does not let me upload a certificate of my own.
Also, google enforce me to expose my app to 8080 and I think it means no-ssl in my app.

fatNjazzy
  • 69
  • 3
  • 11

3 Answers3

5

Edit:

Cloud run allows you to use port 80, but this depends on the container, as per my experience, when you use port 80 as HTTP server, GCP automatically redirects it into HTTPS at port 443 with a valid SSL certificate from them with HTTP code 302, but when you use a cloud run custom domain then said certificate is generated with Let's encrypt.

At this point I think this is your goal (as per your 1st edit)

If you try to use Cloudflare as proxy here, then you must use Flexible for your no-ssl port 8080 app but Full for HTTPS cloud run apps since Flexible requires the following ports to respond with non 302 HTTP codes, but if you do this with "Full" then the changes might take up to 5 hours from CloudFlare side to propagate according to this.

Frank
  • 361
  • 1
  • 7
  • Thanks!!! the first time I have a direction. About solution number 1: Please see my update... Solution number 2: I don't understand how limiting the IP to CF might help? no one knows my IP address, it is always considered CF only. Please remember, this is "google cloud run". Ill be happy if you can add more information. thanks again – fatNjazzy Dec 15 '19 at 05:04
  • You are right, also, for this to work it's required a lot of patience (explained on edited answer). – Frank Dec 15 '19 at 08:14
  • Cloud run is not allowing port 80/8080/any other then 443 to the world. the 8080 thing is only for internal use. run force SSL on the APP )-: – fatNjazzy Dec 15 '19 at 11:23
0

I had the same setup (DNS on cloudflare and cloud run service on non-80 port) and faced the same issue i.e ERR_TOO_MANY_REDIRECTS error, when encryption mode was set to flexible on CF.

I just disabled proxying (DNS only mode) for the CNAME record pointing to GCP and the issue was resolved. I had to wait around 10-15 minutes after disabling proxy on CF.

For my use-case, proxying via CF was not required, I just needed the domain to point to my service

sanskarsharma
  • 9
  • 2
-1

my ssl mode on CF is flexible (mayny server use https from CF), but on Google Cloudrun allow only https then I config page rule on CF with specific sub-domain and now 302 redirect issue is gone.

page rule set ssl mode for your domain to full option and then wait until CF update (may be 1 hour)

panapol-p
  • 101
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Apr 02 '22 at 11:33