I have a wordpress blog on an EC2 instance on AWS using the AMI image aws-marketplace/bitnami-wordpress-6.3.2-6-r09-linux-debian-11-x86_64-hvm-ebs-nami-7d426cb7-9522-4dd7-a56b-55dd8cc1c8d0
In cloudflare both blogdomain.com and www.blogdomain.com goes towards the EC2 instance, and currently I don't force any redirect from "naked" subdomain to www or opposite.
Most of the site works fine and equally on both blogdomain.com and www.blogdomain.com.
However, on /wp-admin/ I receive an ERR_TOO_MANY_REDIRECTS, but only on the www subdomain. Here you can see the result of a curl request to both domains.
HTTP/2 301
date: Fri, 03 Nov 2023 18:02:09 GMT
location: http://www.blogdomain.com/wp-admin/
cache-control: max-age=3600
expires: Fri, 03 Nov 2023 19:02:09 GMT
report-to: {"endpoints":[{"url":"removed"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: removed
HTTP/2 302
date: Fri, 03 Nov 2023 18:02:25 GMT
content-type: text/html; charset=UTF-8
location: https://blogdomain.com/wp-login.php?redirect_to=https%3A%2F%2Fblogdomain.com%2Fwp-admin%2F&reauth=1
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"removed"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: removed
alt-svc: h3=":443"; ma=86400
I've tried to narrow this down, and the redirect from https to http at /wp-admin/ isn't caused by Wordpress, in fact, the reason it ends up in a redirect loop is because Wordpress is the one redirecting back to https, while CF seems to be the one insisting it should be http://.
Full SSL for the domain is enabled in Cloudflare and there are no page rules or workers active for the domain that would cause any redirect from https to http.
If I add <ip address> www.blogdomain.com
in my /etc/hosts (thus bypassing Cloudflare entirely) it just works, no redirect loop occurs, and I'm able to use the admin panel on the www-subdomain.
So for whatever reason it seems this redirect is somehow happening in Cloudflare, and only for /wp-admin/*, which I feel makes no sense, since it's set up to serve https, so if anything CF should redirect from http to https, not the other way around like it does now...
I'm at a loss here on what to do next, could it really be some sort of bug in CF causing this? I've tried to look through all the settings pages multiple times, without finding anything configured that could be the culprit of this.
I've also purged the CF cache numerous times as I've debugged this.
I would really appreciate any kind of help here!