Medium + Custom Domain + CloudFlare

Overall super smooth and quick … apart from that HTTPS redirect loop

I decided to make the plunge and host my domain on Medium, using Cloudflare for DNS.

Paying Medium $75 for the pleasure … on top of my $5 Medium Membership. Yai!

The process was super quick apart from that 1 small loop-da-loop problem I ran into.

Because it was so quick, I had some time left today to document the process.

I could have split it into 3 posts … but I prefer long form copy.

🙏 I am no expert. So if you have suggestions for improvements, I would ❤️ those! Just ping me a response.

TLDR;

  • Using CloudFlare to set up my domain with Medium was easy and quick
  • just one issue
  • https to the domain was redirecting to itself … causing a loop, even with CloudFlare SSL set to Full
  • switching CloudFlare Crypto SSL from Full to Full (Strict) resolved this issue

Great fast support from Medium & CloudFlare

Thank you Berik from Medium Staff and Damiete from Cloudflare. You were super responsive.

  • I paid Medium at 8:41 UK time, and was contacted by them 12 minutes later asking for confirmation that I wanted to host my apex/root domain on Medium.
  • As I was busy setting up my Publication, I did not reply till 9:45.
  • At 9:46 (…yes 1 minute later…) Berik emails me back the DNS details.
  • By 10:48 DNS was set up and propagated, but at 10:51 I noticed the SSL redirect loop.
  • As I like to figure stuff out myself, I did not contact CloudFlare about this issue till 11:59.
  • Damiete from CloudFlare confirmed that the changes I made had been applied by 12:06.
  • Then at 12:17 Medium confirmed all was working, and by 12:36 CloudFlare confirmed that in my case the cause was the SSL mode.

How to set up your Custom Domain on Medium with CloudFlare Power

Here is the step by step.

The Medium and CloudFlare documentation is pretty detailed — so it is worth skimming through that …

Don’t be like me … Mr. Trial & Error … hacking my way around to get shit done.

Step 1 — Set up a Publication

You can only use Custom Domains with Publications. So get that set up first if you don’t have one.

Keep it simple and basic — you can expand it when you are waiting for your DNS changes to spread over the interwebs.

Step 2 — Enable your Custom Domain … pay $75

Once you have a Publication set up, you need to get a custom domain enabled for it.

Custom Domain for Publications

Just visit your publication, and click its icon in the top right to go to “Homepage & settings”.

Then click the “Use your own domain” link.

You can see me do it in the GIF here.

Next, complete the payment form by entering the (sub) domain you want to use, your registrar and payment details.

The FAQ listed there is useful if you have any more questions.

Our support team will contact you with further instructions to complete the process as soon as possible.

Once payment is processed you will receive the usual Stripe receipt, followed by the Medium Domain Support email.

In my case, I got the support email in less than 15 minutes.

Because I set it up to use my Root/apex domain (e.g. imrat.com, instead of sub.imrat.com or www.imrat.com), they contacted me to confirm this was what I really wanted.

After confirming it was, I received the DNS details a minute later.

Step 3 — Transfer Domain NS to CloudFlare

I decided to use CloudFlare for DNS. Why?

That’s probably a post in itself.

I like to keep an eye on suspicious traffic that hits my sites. I also want to make sure the stats I see in Medium are real stats — not bots. Lastly, you get 3 free page rules which are crazy powerful.

Add your domain to CloudFlare

I’ll assume you have a CloudFlare account, and that you are moving an existing domain to CloudFlare.

Login and click the + Add Site button in the top right corner of the main overview screen, and enter your domain and click Begin Scan.

Click the “add site” button
Scan your domain DNS

The scan will try and detect all your existing DNS settings.

Configure existing DNS records

It does a decent job but it is NOT perfect. So do not assume the suggested DNS settings have copied all the ones you need.

In my case, it had picked up the old A records for the apex and www subdomain but was missing some custom subdomains.

It also didn’t copy the SPF TXT record for Google Apps to make sure email is delivered. It did copy the right DKIM TXT record and MX records for Google Apps.

Add any missing records yourself by checking your current DNS provider. Often this is your domain registrar.

Update domain's nameservers to those provided by CloudFlare

Once you have added all the required DNS records, you need to update your domain by changing the domain’s nameservers to the ones listed on the CloudFlare page.

Their guide is excellent and links to instructions for many registrars and DNS companies.

Wait for DNS Propagation

Now, wait for the nameserver changes to propagate. This may take 24–48 hours.

In my case, it was less than an hour.

TIP: Do not click the “Check DNS” button in CloudFlare as you can only check once an hour.

Instead, use Whats My DNS to check propagation. Enter your root domain, and select NS in the drop down. Don’t use the advanced options. Then click Search.

Check NS records for your Root domain.

And wait for the search to complete …

Scroll over the long list of locations that have a green ✔️ next to them to make sure the nameservers CloudFlare gave you are listed.

DNS NS Record Values Across the World

If they are correct then DNS Propagation is good and you can proceed by getting CloudFlare to validate propagation and it should give you the OK straight away.

Step 4 — Set up A & CNAME records from Medium

Medium will email you the DNS details you need to complete your setup.

There are a bunch of A records and a CNAME.

The A records are also listed here. So you don’t need to wait for the email to start with those.

But the CNAME record for SSL verification is custom to your domain, so you will need the email from Medium that tells you what it is.

TIP: It is not obvious from the Medium docs whether the A records need to be DNS only or set to CloudFlare. Luckily the CloudFlare guide is pretty detailed and confirms this.

A records need to be orange!

The custom CNAME for SSL should not be Orange.

Make sure the SSL CNAME is not Orange — ie is set to DNS only mode

Propagation of these changes should be almost immediate.

Note: You cannot use WhatsMyDNS now to check this because the IPs that show up are CloudFlare’s 2 IPs and not Medium’s.

If you're wondering why: In simple terms — CloudFlare sits in front of Medium’s servers. So when your browser requests your homepage, it is CloudFlare’s servers that will make the request to Medium, which is why you see their IP.

Step 5 — Set correct Crypto SSL setting

The CloudFlare docs say you can use both Full and Full (strict) but in my case using Full instead of Full (strict) caused the redirect loop I have described in detail further down.

In CloudFlare, select the “Crypto” section
Set SSL to Full Strict

Step 6 — Optional CloudFlare settings

As I mentioned, CloudFlare is pretty powerful and even their Free plan comes with a ton of features enabled.

Here are some of the top ones I like, that I enabled on my domain.

You get 3 free page rules with your free CloudFlare plan. Here is a great walkthrough video.

Redirect http to https

I know Medium handles this, but visits hit CloudFlare first, so I prefer to set up a page rule there to redirect http to https. Make sure this rule is at the top of your rules list.

www.imrat.com to imrat.com

Doing this will avoid dupe content issues with the big G and others.

Email obfuscation

This hides email addresses from visits that CloudFlare sees as suspicious, like bots.

I have it switched on under the Scrape Shield section.

If you only want a specific URL pattern to use it, or disable it for a specific page — you will need to use a Page Rule.

Disable speed improvements

I am presuming here that Medium does all this for me already so I am disabling many of the speed improvement options.

  • Disable Auto Minify options
  • Disable G’s traffic hijacking — Accelerated Mobile Page (AMP)
  • Switch RocketLoader off
  • Keep the default Caching settings

Step 7 — Sign in to “Medium” again using your own domain

Almost done.

Now load your own domain in your browser and it should show your publication.

TIP: Login sessions don’t persist across domains. So login again.

I ran into this whilst writing this guide. Login sessions (doh should have known) are domain specific, so you have to click the “Sign in” link when on your Medium custom domain to ensure you're logged in.

If you don’t do this — Medium will keep redirecting you to your own domain when you try and edit settings, which you cannot do unless you're logged in.

Step 8 — Move posts to the publication

A publication is nothing without content.

So start writing.

Or move some of your posts to your publication.

  • Open one of your posts
  • Click the Edit button at the top
  • Click the ... button to see the Add to publication option
  • Select the publication you want to add your post to

Once you have done that, make sure you check your publication's Homepage settings to make sure you have set it so posts appear there.

Diagnosing an HTTPS Redirect Loop

After setting up the Domain DNS with CloudFlare and waiting for a bit for it to propagate I tested my domain in Chrome.

Requests to https://imrat.com kept getting a 301 Location: https://imrat.com/ redirect.

Resulting in a loop and browser error.

Nice HTTPS Redirect Loop

Here are the steps I went through to get to the bottom of this issue while waiting for replies from CloudFlare and Medium support.

1. How is it supposed to work

As I’ve never hosted anything on Medium, I needed to know what the requests are supposed to look like.

So I checked the Signal v. Noise domain that I know is hosted on Medium.

The first requests resulted in these redirects.

Ignoring that first 302 to m.signalvnoise.com it seems the first time you visit a medium hosted domain, it redirects via some identification URL on Medium: https://medium.com/m/global-identity?redirectUrl=…..

This then redirects back to the original URL with a gi querystring appended, which I assume is for tracking me.

Then when I load the domain again, the additional hop via medium.com/m/global-identity does not happen.

So what happens for my domain …

2. Check the raw request & response

To see if there was an issue with the http request, I used curl. Key lines highlighted. Apart from the problematic 301 response it seems fine.

$ curl -v https://imrat.com
* Rebuilt URL to: https://imrat.com/
* Trying 104.18.56.125...
* TCP_NODELAY set
* Connected to imrat.com (104.18.56.125) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate: sni234740.cloudflaressl.com
* Server certificate: COMODO ECC Domain Validation Secure Server CA 2
* Server certificate: COMODO ECC Certification Authority
> GET / HTTP/1.1
> Host: imrat.com
> User-Agent: curl/7.51.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Fri, 14 Apr 2017 10:40:07 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=d9d686fcac05dfbd17acdac63f338dee91492166407; expires=Sat, 14-Apr-18 10:40:07 GMT; path=/; domain=.imrat.com; HttpOnly
< Location: https://imrat.com/
< Server: cloudflare-nginx
< CF-RAY: 34f60b8f5d690cb3-LHR
<
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Curl_http_done: called premature == 0
* Connection #0 to host imrat.com left intact

3. Circumvent CloudFlare

What was unclear to me was whether this redirect was issued / caused by CloudFlare or Medium.

So next step I eliminated CF and made the request direct to one of the Medium IPs.

I temporarily updated /etc/hosts on my Mac, and added a medium IP with my domain:

52.0.16.118 imrat.com

Then I made another curl request like before and you can see that it responds with a 302 redirect.

$ curl -v https://imrat.com
# ... abbreviated ...
* Connected to imrat.com (52.0.16.118) port 443 (#0)
* Server certificate: imrat.com
< HTTP/1.1 302 Moved Temporarily
< Location: https://medium.com/m/global-identity?redirectUrl=https://imrat.com/

Ah that looks more like it.

Like you can see above with the test using Signal v Noise, there is that redirect via https://medium.com/m/global-identity.

4. How does Medium handle HTTP requests

My next step was to figure out how Medium handles non-SSL requests.

$ curl -v http://imrat.com
# ... abbreviated ...
< HTTP/1.1 301 Moved Permanently
< Location: https://imrat.com/

After this check, I removed the Medium IP from the /etc/hosts so requests would again go via CloudFlare.
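
The checks from steps 2 to 4 as a script, added here as an example and not part of the original post: classify_hop reads response headers and flags a redirect whose Location is the very URL that was requested (the loop seen in step 2), and probe uses curl's --resolve option to ask a chosen address directly instead of editing /etc/hosts. The function names are made up for this example; the sample headers are excerpts of the curl output shown above.

```sh
# Added example, not from the original post. Function names are hypothetical.

# Add the root path to a bare origin so "https://host" equals "https://host/".
normalize() {
  case "$1" in
    *://*/*) printf '%s\n' "$1" ;;
    *)       printf '%s/\n' "$1" ;;
  esac
}

# usage: classify_hop <requested-url> < response-headers
# Accepts plain headers or "curl -v" output (lines prefixed with "< ").
classify_hop() {
  tr -d '\r' | {
    url=$(normalize "$1"); status=""; location=""
    while IFS= read -r line; do
      line=${line#'< '}
      case "$line" in
        HTTP/*)        status=${line#* }; status=${status%% *} ;;
        [Ll]ocation:*) location=${line#*:}; location=${location# } ;;
      esac
    done
    case "$status" in
      301|302|303|307|308)
        if [ "$(normalize "$location")" = "$url" ]; then
          echo "loop $status $location"       # redirect points at itself
        else
          echo "redirect $status $location"
        fi ;;
      *) echo "final $status" ;;
    esac
  }
}

# Live check (needs network). Optional 2nd argument pins the address, e.g.
#   probe https://imrat.com imrat.com:443:52.0.16.118
probe() {
  curl -sS -o /dev/null -D - ${2:+--resolve "$2"} "$1" | classify_hop "$1"
}

# Excerpts of the curl output shown in steps 2 and 3 of the post.
via_cloudflare() { printf '%s\n' '< HTTP/1.1 301 Moved Permanently' \
  '< Location: https://imrat.com/' '< Server: cloudflare-nginx'; }
direct_to_medium() { printf '%s\n' '< HTTP/1.1 302 Moved Temporarily' \
  '< Location: https://medium.com/m/global-identity?redirectUrl=https://imrat.com/'; }

via_cloudflare   | classify_hop https://imrat.com   # the loop from step 2
direct_to_medium | classify_hop https://imrat.com   # the expected first hop
```

The scheme is part of the comparison, so the http to https redirect from step 4 is reported as an ordinary redirect and not as a loop.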

5. The cause … maybe

I am not sure about this but what seems to be happening is that CloudFlare is receiving the 301 redirect from Medium, because somehow Medium is receiving an HTTP request from CloudFlare?

CloudFlare SSL settings were set to Full so this should not be happening according to their documentation.

Only when SSL is set to Flexible, will the request to Medium (Origin server) be issued with HTTP.

CloudFlare SSL options

6. Confirmation of fix

To eliminate SSL mode as the cause or fix it — I set the SSL mode (under Crypto settings) to Full (strict).

I set the mode to Full (strict)

I reloaded my site …. and …. result!

No loop.

And around the same time, I got confirmation from CloudFlare support and Medium Support.

Cause confirmed!
And Medium Support confirm all is OK as well!

Thank you Berik from Medium Staff and Damiete from Cloudflare. Both of you were super responsive.

I write about Marketing, Web, or what motivates me at the moment. Right now — it's just 1 big Medium experiment. I used to sneak around and break things online.
