dwyl / app

Clear your mind. Organise your life. Ignore distractions. Focus on what matters.
http://dwyl.github.io/app/

Chore: investigate "redirected you too many times." error for `app.dwyl.com` #316

Closed nelsonic closed 1 year ago

nelsonic commented 1 year ago

As noted in #312 our Flutter (Alpha) App was deployed to Fly.io: https://dwylapp.fly.dev 🚀

https://fly.io/apps/dwylapp


The IP v4 address is: 149.248.196.139

We configured a DNS A record in Cloudflare: https://dash.cloudflare.com/a8700dad540bfd2b1c20a00a65795d56/dwyl.com/dns/records


https://app.dwyl.com


It's not a cookies/cache issue, we've attempted this on completely stock fresh installs of Chrome and Firefox.

The error:

redirected you too many times.

Suggests that the redirect is occurring in the Fly.io layer and not Cloudflare ... We previously got Cloudflare error pages:


That was before we configured a static IP V4 address: https://github.com/dwyl/app/issues/312#issuecomment-1438166675

Note: Both auth.dwyl.com and hits.dwyl.com are hosted on Fly.io with A Records on Cloudflare pointing to the IP v4 Address of the App.

Todo

nelsonic commented 1 year ago

Reading: https://fly.io/blog/how-to-custom-domains-with-fly/ trying:

```sh
flyctl certs create -a custom-quartz example.com
```

e.g:

```sh
flyctl certs create -a dwylapp app.dwyl.com
```

Get the following output:

```
A Record (172.67.187.145) does not match app's IP (149.248.196.139)
AAAA Record (2606:4700:3037::ac43:bb91) does not match app's IP (2a09:8280:1::6:e881)
Address resolution (172.67.187.145) does not match app's IP (149.248.196.139/2a09:8280:1::6:e881)
Address resolution (104.21.7.133) does not match app's IP (149.248.196.139/2a09:8280:1::6:e881)
Address resolution (2606:4700:3037::ac43:bb91) does not match app's IP (149.248.196.139/2a09:8280:1::6:e881)
Address resolution (2606:4700:3032::6815:785) does not match app's IP (149.248.196.139/2a09:8280:1::6:e881)
You are creating a certificate for app.dwyl.com
We are using Let's Encrypt for this certificate.

You can configure your DNS for app.dwyl.com by:

1: Adding an CNAME record to your DNS service which reads:

    CNAME app. dwylapp.fly.dev
```

nelsonic commented 1 year ago

Had to delete the A record:


Then configured the CNAME:


Should take some time (usually 20 mins) to propagate ... ⏳

nelsonic commented 1 year ago

Have to put this down now for family lunch. If anyone else wants to investigate, please go for it! 🙏

nelsonic commented 1 year ago

Returning to this now. ⏳ Reviewing: https://fly.io/apps/dwylapp/certificates/app.dwyl.com we see: image

Deleted the entry. (Will re-create if needed)

nelsonic commented 1 year ago

When I run the following cURL command:

```sh
curl -v https://app.dwyl.com/
```

This is the output I see:

```
*   Trying 172.67.187.145:443...
* Connected to app.dwyl.com (172.67.187.145) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Jun 13 00:00:00 2022 GMT
*  expire date: Jun 13 23:59:59 2023 GMT
*  subjectAltName: host "app.dwyl.com" matched cert's "*.dwyl.com"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: app.dwyl.com]
* h2h3 [user-agent: curl/7.86.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x158811400)
> GET / HTTP/2
> Host: app.dwyl.com
> user-agent: curl/7.86.0
> accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 301 
< date: Tue, 21 Feb 2023 20:05:59 GMT
< content-length: 0
< location: https://app.dwyl.com/
< via: 1.1 fly.io
< fly-request-id: 01GSTSAEHNBZ5JM8VJP3NK157A-lhr
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=seCA%2BSLo8ZV9g91EmG%2BEuMR2Jb1PgQyhjJOyfOIP8Xjamo%2FGnMTMEbhdYxYIWnVjQWYa50cf4D00Y2k5Ry%2FjKAE1L0TDWrEAcNOvnPmvEwqI9r7yA%2BQLZCqGOsxlenI%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 79d219968e1674a5-LHR
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
< 
* Connection #0 to host app.dwyl.com left intact
```

Sadly, this is not very insightful. But including it here as something I tried ... 💭
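Added example, not part of the original thread: the `curl -v` output above shows a 301 whose `location` is the URL that was just requested, on a response carrying both `via: 1.1 fly.io` and `server: cloudflare`. The Python below parses such output and flags that self-referential redirect; the function names are illustrative, the sample is trimmed from the header lines above, and the `https` scheme is taken from the curl command line.

```python
import re
from urllib.parse import urljoin

# Header lines copied from the `curl -v` output above (trimmed to the relevant ones).
SAMPLE = """\
> GET / HTTP/2
> Host: app.dwyl.com
> user-agent: curl/7.86.0
< HTTP/2 301
< location: https://app.dwyl.com/
< via: 1.1 fly.io
< server: cloudflare
"""

REDIRECTS = {301, 302, 303, 307, 308}

def parse_curl_verbose(text, scheme="https"):
    """Return (request_url, status, response_headers) from `curl -v` text."""
    # Assumption: `scheme` comes from the curl command line; '>' lines omit it.
    req, resp, path, status = {}, {}, "/", None
    for line in text.splitlines():
        if not line.startswith(("> ", "< ")):
            continue  # skip curl's own '*' diagnostics
        body, headers = line[2:], (req if line[0] == ">" else resp)
        m = re.match(r"[A-Z]+ (\S+) HTTP/", body)
        if line[0] == ">" and m:
            path = m.group(1)
        elif line[0] == "<" and re.match(r"HTTP/\S+ \d{3}", body):
            status = int(body.split()[1])
        elif ":" in body:
            name, value = body.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return f"{scheme}://{req.get('host', '')}{path}", status, resp

def diagnose(text):
    """Flag a redirect whose target is the URL that was just requested."""
    url, status, resp = parse_curl_verbose(text)
    target = urljoin(url, resp["location"]) if "location" in resp else None
    return {
        "request_url": url,
        "status": status,
        "location": target,
        "self_redirect": status in REDIRECTS and target == url,
        "hops": [resp[h] for h in ("via", "server") if h in resp],
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```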

nelsonic commented 1 year ago

Decided to broaden my search: https://www.google.com/search?q=host+flutter+web+app+on+subdomain 🔍

Reading: https://stackoverflow.com/questions/71979008/how-to-host-flutter-webapp-on-a-subdomain

nelsonic commented 1 year ago

Sadly not very insightful. Only 1 Answer: https://stackoverflow.com/a/71980762/1148249 not very helpful. We don't have a "subdomain folder".

https://www.reddit.com/r/FlutterDev/comments/ijac26/flutter_web_for_site_subdomain/ also pretty much useless. 🤷‍♂️

So ... now reading the docs: https://docs.flutter.dev/development/ui/navigation/url-strategies

nelsonic commented 1 year ago

While reading: https://dev.to/solutelabs/flutter-for-web-how-to-deploy-a-flutter-web-app-5gbg it occurred to me that we might be wasting our time on deploying the Web version of the App to Fly.io ... As in, unless we specifically need to deploy it to Fly.io ... can't we just host it on GitHub Pages? 🤷‍♂️

Just trying to think this through ... 💭 Will it be easier to make REST API and WebSocket requests to the Phoenix Server hosted on Fly.io?

nelsonic commented 1 year ago

Ultimately, the Web App will run in the Browser so it shouldn't matter where the REST API or WebSocket requests are coming from ... Buuuuttt ... the problem is API Keys ... specifically the AUTH_API_KEY ... We either need a way of creating an "Anon" API Key or we need some sort of fingerprint or origin checking. 💭

LuchoTurtle commented 1 year ago

Doesn't Fly.io have a way of setting env variables prior to deployment? Similar to what we're using on the workflow files by having repo secrets and using it on the deploy command? https://fly.io/docs/rails/the-basics/configuration/

nelsonic commented 1 year ago

Yeah, FLY does have a way of setting Environment Variables. That's why it was my first choice for deploying the Flutter Web App ... But if that environment variable has to be read by the Flutter Web App and is thus visible to the browser, then it defeats the objective. So we're back to thinking about how to protect secrets. 💭

nelsonic commented 1 year ago

Posted follow-up on: https://community.fly.io/t/err-too-many-redirects-when-deploying-flutter-web-app-with-a-cloudflare-proxy/10894/2

nelsonic commented 1 year ago

Given that we haven't made any progress on this redirect issue, I vote for trying to deploy this to GitHub Pages: https://github.com/dwyl/app/issues/322 💭

nelsonic commented 1 year ago

Closing as this has been deployed to GitHub Pages instead of Fly.io: https://github.com/dwyl/app/issues/322#issuecomment-1454600019 :shipit: gh-pages has better performance. ✅