Solved Cloudflare - Forwarding CNAME to HTTPS URL?

wrx7m

I am trying to redirect careers.domain.com to an ADP URL in Cloudflare. I created a CNAME record for careers.domain.com and a page rule for a permanent redirect to a company-specific ADP URL.

When I go to careers.domain.com, I get an HTTPS warning from the browser. In Chrome, it says NET::ERR_CERT_COMMON_NAME_INVALID. If I proceed, it takes me to the login screen of the ADP workforce site, instead of the actual page where I would normally arrive when clicking the link.

Is there a way to make the forwarding work?

JaredBusch

@wrx7m said in Cloudflare - Forwarding CNAME to HTTPS URL?:

I am trying to redirect careers.domain.com to an ADP URL in Cloudflare. I created a CNAME record for careers.domain.com and a page rule for a permanent redirect to a company-specific ADP URL.

When I go to careers.domain.com, I get an HTTPS warning from the browser. In Chrome, it says NET::ERR_CERT_COMMON_NAME_INVALID. If I proceed, it takes me to the login screen of the ADP workforce site, instead of the actual page where I would normally arrive when clicking the link.

Is there a way to make the forwarding work?

Of course it would give you a SSL error. The ADP URL is not careers.domain.com

This means your redirect is not working. Instead it is simply the CNAME being used.

wrx7m

@JaredBusch said in Cloudflare - Forwarding CNAME to HTTPS URL?:

@wrx7m said in Cloudflare - Forwarding CNAME to HTTPS URL?:

I am trying to redirect careers.domain.com to an ADP URL in Cloudflare. I created a CNAME record for careers.domain.com and a page rule for a permanent redirect to a company-specific ADP URL.

When I go to careers.domain.com, I get an HTTPS warning from the browser. In Chrome, it says NET::ERR_CERT_COMMON_NAME_INVALID. If I proceed, it takes me to the login screen of the ADP workforce site, instead of the actual page where I would normally arrive when clicking the link.

Is there a way to make the forwarding work?

Of course it would give you a SSL error. The ADP URL is not careers.domain.com

This means your redirect is not working. Instead it is simply the CNAME being used.

OK. That makes sense. So, based on my description, I set it up correctly and it just isn't working the way it is supposed to?

wrx7m

I figured it out. You need to enable the HTTP Proxy (CDN) option for the CNAME record. AKA, the orange cloud.

dbeato

@wrx7m said in Cloudflare - Forwarding CNAME to HTTPS URL?:

I figured it out. You need to enable the HTTP Proxy (CDN) option for the CNAME record. AKA, the orange cloud.

Yes, you do, otherwise it will never work.

JaredBusch

@dbeato said in Cloudflare - Forwarding CNAME to HTTPS URL?:

@wrx7m said in Cloudflare - Forwarding CNAME to HTTPS URL?:

I figured it out. You need to enable the HTTP Proxy (CDN) option for the CNAME record. AKA, the orange cloud.

Yes, you do, otherwise it will never work.

Incorrect. The CNAME worked exactly like it was supposed to.

But because the traffic was never hitting the CloudFlare servers (no orange cloud), the redirect was never applied.

The redirect only exists on CloudFlare.

dbeato

@JaredBusch said in Cloudflare - Forwarding CNAME to HTTPS URL?:

@dbeato said in Cloudflare - Forwarding CNAME to HTTPS URL?:

@wrx7m said in Cloudflare - Forwarding CNAME to HTTPS URL?:

I figured it out. You need to enable the HTTP Proxy (CDN) option for the CNAME record. AKA, the orange cloud.

Yes, you do, otherwise it will never work.

Incorrect. The CNAME worked exactly like it was supposed to.

But because the traffic was never hitting the CloudFlare servers (no orange cloud), the redirect was never applied.

The redirect only exists on CloudFlare.

Yes, you are correct as DNS was working as expected but CloudFlare wasn't enabled to do the proxy.

Dashrender

I don't really understand this - wouldn't you need a redirect command to make this work correctly? As stated - the browser thinks it's going to careers.domain.com, but that's being redirected via cname to joes.website.com, and joe's has a TLS cert.

Wouldn't the correct way be to have a server accept the request for careers.domain.com and execute a redirect to a new URL (joes.website.com) and now the browser will know it's going to joes site and accept the cert?

I'm now ready to be yelled at by JB for being stupid.

JaredBusch

@Dashrender said in Cloudflare - Forwarding CNAME to HTTPS URL?:

I'm now ready to be yelled at by JB for being stupid.

Yup.

Dashrender

@JaredBusch said in Cloudflare - Forwarding CNAME to HTTPS URL?:

@Dashrender said in Cloudflare - Forwarding CNAME to HTTPS URL?:

I'm now ready to be yelled at by JB for being stupid.

Yup.

I don't understand it - I've never done it - so... Please explain.

JaredBusch

@Dashrender said in Cloudflare - Forwarding CNAME to HTTPS URL?:

I don't really understand this - wouldn't you need a redirect command to make this work correctly? As stated - the browser thinks it's going to careers.domain.com, but that's being redirected via cname to joes.website.com, and joe's has a TLS cert.

Wouldn't the correct way be to have a server accept the request for careers.domain.com and execute a redirect to a new URL (joes.website.com) and now the browser will know it's going to joes site and accept the cert?

What server? He has no server. He simply wanted an alias for a nasty long URL.
careers.domain.com instead of adp.com/346y365hy3/365h56/456/y6/

Any good proxy will do this. CloudFlare is one of the best.

So process.

1. Create a CNAME entry for careers.domain.com pointing somewhere.
   1. Make sure the orange cloud is on. This makes the actual destination not matter because the IP will return as CloudFlare.
   2. But you want it to be something intelligent in case of problems as the OP found out.
2. Create a redirect rule in CloudFlare.
   1. This is no different than the redirect 301 that you would use on your NginX proxy or other system.
3. Profit

Dashrender

@JaredBusch said in Cloudflare - Forwarding CNAME to HTTPS URL?:

@Dashrender said in Cloudflare - Forwarding CNAME to HTTPS URL?:

I don't really understand this - wouldn't you need a redirect command to make this work correctly? As stated - the browser thinks it's going to careers.domain.com, but that's being redirected via cname to joes.website.com, and joe's has a TLS cert.

Wouldn't the correct way be to have a server accept the request for careers.domain.com and execute a redirect to a new URL (joes.website.com) and now the browser will know it's going to joes site and accept the cert?

What server? He has no server. He simply wanted an alias for a nasty long URL.
careers.domain.com instead of adp.com/346y365hy3/365h56/456/y6/

Any good proxy will do this. CloudFlare is one of the best.

So process.

1. Create a CNAME entry for careers.domain.com pointing somewhere.
   1. Make sure the orange cloud is on. This makes the actual destination not matter because the IP will return as CloudFlare.
   2. But you want it to be something intelligent in case of problems as the OP found out.
2. Create a redirect rule in CloudFlare.
   1. This is no different than the redirect 301 that you would use on your NginX proxy or other system.
3. Profit

Well - there's your website I mentioned - the proxy. It's doing the redirect. OK - fine, it's not really a website (at least not likely), but you get the point - and I'm learning .. so thanks.
But my general thinking was along the same lines as your setup.