Chore: investigate "redirected you too many times." error for `app.dwyl.com`

Question

Chore: investigate "redirected you too many times." error for `app.dwyl.com`

nelsonic opened this issue 2 years ago · 14 comments

As noted in #312 our Flutter (Alpha) App was deployed to Fly.io: https://dwylapp.fly.dev 🚀

The IP v4 address is: 149.248.196.139

We configured a DNS A record in Cloudflare:
https://dash.cloudflare.com/a8700dad540bfd2b1c20a00a65795d56/dwyl.com/dns/records

https://app.dwyl.com

It's not a cookies/cache issue, we've attempted this on completely stock fresh installs of Chrome and Firefox.

The error:

`redirected you too many times.`

Suggests that the redirect is occurring in Fly.io layer and not Cloudflare ...
We previously got Cloudflare error pages:

That was before we configured a static IP V4 address: #312 (comment)

Note: Both auth.dwyl.com and hits.dwyl.com are hosted on Fly.io
with A Records on Cloudflare pointing to the IP v4 Address of the App.

Todo

Study the configuration in /auth and /hits to see if we can learn anything. 🔍
Research how other Flutter Web Apps are deployed
- What needs to be updated in our config to enable the subdomain to be successfully routed?
Update the Fly.io Community question https://community.fly.io/t/err-too-many-redirects-when-deploying-flutter-web-app-with-a-cloudflare-proxy/10894 to add additional context. Specifically we have deployed 2 apps to Fly.io with subdomains configured by A records on Clourdflare DNS and both work fine without any additional config.

Answer 1 · 2023-02-21T13:50:52.000Z

Reading: https://fly.io/blog/how-to-custom-domains-with-fly/
trying:

flyctl certs create -a custom-quartz example.com

e.g:

flyctl certs create -a dwylapp app.dwyl.com

Get the following output:

A Record (172.67.187.145) does not match app's IP (149.248.196.139)
AAAA Record (2606:4700:3037::ac43:bb91) does not match app's IP (2a09:8280:1::6:e881)
Address resolution (172.67.187.145) does not match app's IP (149.248.196.139/2a09:8280:1::6:e881)
Address resolution (104.21.7.133) does not match app's IP (149.248.196.139/2a09:8280:1::6:e881)
Address resolution (2606:4700:3037::ac43:bb91) does not match app's IP (149.248.196.139/2a09:8280:1::6:e881)
Address resolution (2606:4700:3032::6815:785) does not match app's IP (149.248.196.139/2a09:8280:1::6:e881)
You are creating a certificate for app.dwyl.com
We are using Let's Encrypt for this certificate.

You can configure your DNS for app.dwyl.com by:

1: Adding an CNAME record to your DNS service which reads:

    CNAME app. dwylapp.fly.dev

Answer 2 · 2023-02-21T13:53:32.000Z

Had to delete the A record:

Then configured the CNAME:

Should take some time (usually 20 mins) to propagate ... ⏳

Answer 3 · 2023-02-21T13:57:54.000Z

Have to put this down now for family lunch. If anyone else wants to investigate, please go for it! 🙏

Answer 4 · 2023-02-21T19:47:09.000Z

Returning to this now. ⏳
Reviewing: https://fly.io/apps/dwylapp/certificates/app.dwyl.com we see:

Deleted the entry.
(Will re-create if needed)

Answer 5 · 2023-02-21T20:22:02.000Z

When I run the following cURL command:

curl -v https://app.dwyl.com/

This is the output I see:

*   Trying 172.67.187.145:443...
* Connected to app.dwyl.com (172.67.187.145) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Jun 13 00:00:00 2022 GMT
*  expire date: Jun 13 23:59:59 2023 GMT
*  subjectAltName: host "app.dwyl.com" matched cert's "*.dwyl.com"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: app.dwyl.com]
* h2h3 [user-agent: curl/7.86.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x158811400)
> GET / HTTP/2
> Host: app.dwyl.com
> user-agent: curl/7.86.0
> accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 301 
< date: Tue, 21 Feb 2023 20:05:59 GMT
< content-length: 0
< location: https://app.dwyl.com/
< via: 1.1 fly.io
< fly-request-id: 01GSTSAEHNBZ5JM8VJP3NK157A-lhr
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=seCA%2BSLo8ZV9g91EmG%2BEuMR2Jb1PgQyhjJOyfOIP8Xjamo%2FGnMTMEbhdYxYIWnVjQWYa50cf4D00Y2k5Ry%2FjKAE1L0TDWrEAcNOvnPmvEwqI9r7yA%2BQLZCqGOsxlenI%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 79d219968e1674a5-LHR
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
< 
* Connection #0 to host app.dwyl.com left intact

sadly, this is not very insightful. But including it here as something I tried ... 💭

Answer 6 · 2023-02-21T20:23:14.000Z

Decided to broaden my search: https://www.google.com/search?q=host+flutter+web+app+on+subdomain 🔍

reading: https://stackoverflow.com/questions/71979008/how-to-host-flutter-webapp-on-a-subdomain

Answer 7 · 2023-02-21T20:44:03.000Z

Sadly not very insightful. Only 1 Answer: https://stackoverflow.com/a/71980762/1148249
not very helpful. we don't have a "subdomain folder".

https://www.reddit.com/r/FlutterDev/comments/ijac26/flutter_web_for_site_subdomain/ also pretty much useless. 🤷‍♂️

So ... now reading the docs: https://docs.flutter.dev/development/ui/navigation/url-strategies

Answer 8 · 2023-02-21T21:20:27.000Z

While reading: https://dev.to/solutelabs/flutter-for-web-how-to-deploy-a-flutter-web-app-5gbg
it occurred to me that we might be wasting our time on deploying the Web version of the App to Fly.io ...
As in, unless we specifically need to deploy it to Fly.io ... can't we just host it on GitHub Pages? 🤷‍♂️

Just trying to think this through ... 💭
Will it be easier to make REST API and WebSocket requests to the Phoenix Server hosted on Fly.io?

Answer 9 · 2023-02-22T09:46:49.000Z

Ultimately, the Web App will run in the Browser
so it shouldn't matter where the REST API or WebSocket requests are coming from ...
Buuuuttt ... the problem is API Keys ... specifically the AUTH_API_KEY ...
We either need a way of creating an "Anon" API Key or we need some sort of fingerprint or origin checking. 💭

Answer 10 · 2023-02-22T09:51:17.000Z

Doesn't Fly.io has a way of setting env variables prior to deployment? Similar to what we're using on the workflow files by having repo secrets and using it on the deploy command?
https://fly.io/docs/rails/the-basics/configuration/

Answer 11 · 2023-02-22T10:04:44.000Z

Yeah, FLY does have a way of setting Environment Variables.
That's why it was my first choice for deploying the Flutter Web App ...
But if that environment variable has to be read by the Flutter Web App and is thus visible to the browser,
then it defeats the objective. So we're back to thinking about how to protect secrets. 💭

Answer 12 · 2023-02-23T03:40:40.000Z

Posted follow-up on: https://community.fly.io/t/err-too-many-redirects-when-deploying-flutter-web-app-with-a-cloudflare-proxy/10894/2

Answer 13 · 2023-03-02T03:32:54.000Z

Given that we haven't made any progress on this redirect issue, I vote for trying to deploy this to GitHub Pages: #322 💭

Answer 14 · 2023-03-04T07:17:56.000Z

Closing as this has been deployed to GitHub Pages instead of Fly.io: #322 (comment)
gh-pages has better performance. ✅