IBM Bluemix. cf version 6.21.0+dff2cf8-2016-07-27
-------> Buildpack version 1.3.6
Downloaded [file:///var/vcap/data/dea_next/admin_buildpacks/d7214a80-2e86-49ea-987d-c06f376ff950_de3bedc191535d4743e0b391458736b183f9209b/dependencies/https___pivotal-buildpacks.s3.amazonaws.com_concourse-binaries_nginx_nginx-1.9.14-linux-x64.tgz]
App/0162.158.162.29, 108.168.250.152 - - - [11/Aug/2016:03:31:49 +0000] "GET / HTTP/1.1" 301 1782016-08-11T10:31:49.741+0700
RTR/1eragano.com - [11/08/2016:03:31:49.735 +0000] "GET / HTTP/1.1" 301 0 178 "-" "curl/7.49.1" 108.168.250.152:19570 x_forwarded_for:"162.158.162.29" x_forwarded_proto:"http" vcap_request_id:6fe316d2-1b63-4f98-67c5-b76c1bef074a response_time:0.004735874 app_id:3eb4af31-6082-42db-b363-d9709803d8bc x_global_transaction_id:"3058027583"
$ curl -v https://www.eragano.com/
* timeout on name lookup is not supported
* Trying 104.28.12.205...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to www.eragano.com (104.28.12.205) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: C:\Users\ceefour\.lein\bin\curl-ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [102 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3424 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [149 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=sni76253.cloudflaressl.com
* start date: Aug 9 00:00:00 2016 GMT
* expire date: Feb 12 23:59:59 2017 GMT
* subjectAltName: host "www.eragano.com" matched cert's "*.eragano.com"
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO ECC Domain Validation Secure Server CA 2
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* TCP_NODELAY set
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x68ce90)
} [5 bytes data]
> GET / HTTP/1.1
> Host: www.eragano.com
> User-Agent: curl/7.49.1
> Accept: */*
>
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
} [5 bytes data]
* HTTP 1.0, assume close after body
< HTTP/2 301
< date: Thu, 11 Aug 2016 03:29:33 GMT
< content-type: text/html
< set-cookie: __cfduid=dafc17cc9e01e7dc926ac8617cfe4fa531470886173; expires=Fri, 11-Aug-17 03:29:33 GMT; path=/; domain=.eragano.com; HttpOnly
< x-backside-transport: OK OK
< location: https://www.eragano.com/
< x-vcap-request-id: 558316fa-7ce6-4fd3-650e-aa88d58a1dbe
< x-client-ip: 162.158.163.13
< x-global-transaction-id: 2354409361
< server: cloudflare-nginx
< cf-ray: 2d089a988c9e1123-SIN
<
{ [178 bytes data]
100 178 0 178 0 0 227 0 --:--:-- --:--:-- --:--:-- 227<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Closing connection 0
} [5 bytes data]
* TLSv1.2 (OUT), TLS alert, Client hello (1):
} [2 bytes data]
It seems CloudFlare by default (Flexible) always proxies using HTTP, even if browser is HTTPS.
While CloudFlare Full proxies using HTTPS if browser HTTPS, and using HTTP if browser is HTTP.
$ curl -v http://eragano-com.mybluemix.net
* Rebuilt URL to: http://eragano-com.mybluemix.net/
* timeout on name lookup is not supported
* Trying 169.54.245.69...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to eragano-com.mybluemix.net (169.54.245.69) port 80 (#0)
> GET / HTTP/1.1
> Host: eragano-com.mybluemix.net
> User-Agent: curl/7.49.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< X-Backside-Transport: OK OK
< Connection: Keep-Alive
< Transfer-Encoding: chunked
< Content-Type: text/html
< Date: Thu, 11 Aug 2016 04:03:40 GMT
< Location: https://eragano-com.mybluemix.net/
< Server: nginx
< X-Global-Transaction-ID: 1613537793
<
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0{ [189 bytes data]
100 178 0 178 0 0 189 0 --:--:-- --:--:-- --:--:-- 207<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host eragano-com.mybluemix.net left intact