Medium + Custom Domain + CloudFlare
Overall super smooth and quick … apart from that HTTPS redirect loop
Paying Medium $75 for the pleasure … on top of my $5 medium Membership. Yai!
The process was super quick apart from that 1 small loop-da-loop problem I ran into.
Because it was so quick, I had some time left today to document the process.
I could have split it into 3 posts … but I prefer long form copy.
🙏 I am no expert. So if you have suggestions for improvements, I would ❤️ those! Just ping me a response.
- Using CloudFlare to setup my domain with Medium was easy and quick
- just one issue
- https to the domain was redirecting to itself … causing a loop, even with CloudFlare SSL set to
- switching CloudFlare Crypto SSL from
Full (Strict)resolved this issue
Great fast support from Medium & CloudFlare
- I paid Medium at 8:41 UK time, and was contacted by them 12 minutes later asking for confirmation that I wanted to host my apex/root domain on Medium.
- As I was busy setting up my Publication, I did not reply till 9:45.
- At 9:46 (…yes 1 minute later…) Berik emails me back the DNS details.
- By 10:48 DNS was setup and propagated, but at 10:51 I noticed the SSL redirect loop.
- As I like to figure stuff out myself, I did not contact CloudFlare about this issue till 11:59.
- Damiete from CloudFlare confirmed that the changes I made had been applied by 12:06
- Then at 12:17 Medium confirmed all was working, and by 12:36 CloudFlare confirmed that in my case the cause was the SSL mode.
How to setup your Custom Domain on Medium with CloudFlare Power
Here is the step by step.
Don’t be like me … Mr. Trial & Error … hacking my way around to get shit done.
Step 1 — Setup a Publication
You can only use Custom Domains with Publications. So get that setup first if you don’t have one.
Keep it simple and basic — you can expand it when you are waiting for your DNS changes to spread over the interwebs.
Step 2 — Enable your Custom Domain … pay $75
Once you have a Publication setup, you need to get a custom domain enabled for it.
Just visit your publication, and click its icon in the top right to go to “Homepage & settings”.
Then click the “Use your own domain” link.
You can see me do it in the GIF here.
Next, complete the payment form by entering the (sub) domain you want to use, your registrar and payment details.
The FAQ listed there is useful if you have any more questions.
Our support team will contact you with further instructions to complete the process as soon as possible.
Once payment is processed you will receive the usual Stripe receipt, followed by the Medium Domain Support email.
In my case, I got the support email in less then 15 minutes.
Because I setup to use my Root/apex domain (e.g. imrat.com, instead of sub.imrat.com or www.imrat.com), they contacted me to confirm this was what i really wanted.
After confirming it was, I received the DNS details a minute later.
Step 3 — Transfer Domain NS to CloudFlare
I decided to use CloudFlare for DNS. Why?
That’s probably a post in itself.
I like to keep an eye on suspicious traffic that hits my sites. I also want to make sure the stats I see in Medium are real stats — not bots. Lastly, you get 3 free page rules which are crazy powerful.
Add your domain to CloudFlare
I’ll assume you have a CloudFlare account, and that you are moving an existing domain to CloudFlare.
Login and click the
+ Add Site button in the top right corner of the main overview screen, and enter your domain and click
The scan will try and detect all your existing DNS settings.
Configure existing DNS records
It does a decent job but it is NOT perfect. So do not assume the suggested DNS settings have copied all the ones you need.
In my case, it had picked up the old A records for the apex and www subdomain but was missing some custom subdomains.
It also didn’t copy the SPF TXT record for Google Apps to make sure emails is delivered. It did copy the right DKIM TXT record and MX records for Google Apps.
Add any missing records yourself by checking your current DNS provider. Often this is your domain registrar.
Update domains nameservers to those provided by CloudFlare
Once you have added all the required DNS records, you need to update your domain by changing the domain’s nameservers to the ones listed on the CloudFlare page.
Wait for DNS Propagation
Now, wait for the nameserver changes to propagate. This may take 24–48 hours.
In my case, it was less then an hour.
TIP: Do not click the “Check DNS” button in CloudFlare as you can only check once an hour.
Instead, use Whats My DNS to check propagation. Enter your root domain, and select
NS in the drop down. Don’t use the advanced options. Then click
And wait for the search to complete …
Scroll over the long list of locations that have a green ✔️ next to them to make sure the nameservers CloudFlare gave you are listed.
If they are correct then DNS Propagation is good and you can proceed by getting CloudFlare to validate propagation and it should give you the OK straight away.
Step 4 — Setup A & CNAME records from Medium
Medium will email you the DNS details you need to complete your setup.
There are a bunch of A records and a CNAME.
The A records are also listed here. So you don’t need to wait for the email to start with those.
But the CNAME record for SSL verification is custom to your domain, so you will need the email from Medium that tells you what it is.
TIP: It is not obvious from the Medium docs whether the A records need to be DNS only or set to CloudFlare. Luckily the CloudFlare guide is pretty detailed and confirms this.
The custom CNAME for SSL should not be Orange.
Propagation of these changes should be almost immediate.
Note: You can not use WhatsMyDNS now to check this because the IPs that show up are CloudFlare’s 2 IPs and not Medium’s.
If your wondering why? In simple terms — CloudFlare sits in front of Medium’s servers. So when your browser requests your homepage, it is CloudFlare’s servers that will make the request to Medium, which is why you see their IP.
Step 5 — Set correct Crypto SSL setting
The CloudFlare docs say you can use both
Full (strict) but in my case using
Full instead of
Full (strict) caused the redirect loop I have described in detail further down.
Step 6 — Optional CloudFlare settings
As I mentioned, CloudFlare is pretty powerful and even their Free plan comes with a ton of features enabled.
Here are some of the top ones I like, that I enabled on my domain.
You get 3 free page rules with your free CloudFlare plan. Here is a great walkthrough video.
Redirect http to https
I know Medium handles this, but visits hit CloudFlare first, so I prefer to setup a page rule there to redirect http to https. Make sure this rule is at the top of your rules list.
www.imrat.com to imrat.com
Doing this will avoid dupe content issues with the big G and others.
This hides email addresses from visits that CloudFlare sees as suspicious, like bots.
I have it switched on under the Scrape Shield section.
If you only want a specific URL pattern to use it, or disable it for a specific page — you will need to use a Page Rule.
Disable speed improvements
I am presuming here that Medium does all this for me already so I am disabling many of the speed improvement options.
- Disable Auto Minify options
- Disable G’s traffic hijacking — Accelerated Mobile Page (AMP)
- Switch RocketLoader off
- Keep the default Caching settings
Step 7— Sign in to “Medium” again using your own domain
Now load your own domain in your browser and it should show your publication.
TIP: Login sessions don’t persist across domains. So login again.
I ran into this whilst writing this guide. Login sessions (doh should have known) are domain specific, so you have to click the “Sign in” link when on your Medium custom domain to ensure your logged in.
If you don’t do this — Medium will keep redirecting you to your own domain when you try and edit settings, which you can not do unless your logged in.
Step 8— Move posts to the publication
A publication is nothing without content.
So start writing.
Or move some of your posts to your publication.
- Open one of your posts
- Click the
Editbutton at the top
- Click the
...button to see the
Add to publicationoption
- Select the publication you want to add your post to
Once you have done that, make sure you check your publications Homepage settings to make sure you have set it so posts appear there.
Diagnosing an HTTPS Redirect Loop
After setting up the Domain DNS with CloudFlare and waiting for a bit for it to propagate I tested my domain in Chrome.
Resulting in a loop and browser error.
Here are the steps I went through to get to the bottom of this issue while waiting for replies from CloudFlare and Medium support.
1. How is it supposed to work
As I’ve never hosted anything on Medium, I needed to know what the requests are supposed to look like.
So I checked the Signal v. Noise domain that I know is hosted on Medium.
The first requests resulted in these redirects.
Ignoring that first 302 to m.signalvnoise.com it seems the first time you visit a medium hosted domain, it redirects via some identification URL on Medium: https://medium.com/m/global-identity?redirectUrl=…..
This then redirects back to the original URL with a
gi querystring appended, which I assume is for tracking me.
Then when I load the domain again, the additional hop via medium.com/m/global-identity does not happen.
So what happens for my domain …
2. Check the raw request & response
To see if there was an issue with the http request, I used
curl. Key lines highlighted. Apart from the problematic 301 response it seems fine.
$ curl -v https://imrat.com* Rebuilt URL to: https://imrat.com/
* Trying 188.8.131.52...
* TCP_NODELAY set
* Connected to imrat.com (184.108.40.206) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate: sni234740.cloudflaressl.com
* Server certificate: COMODO ECC Domain Validation Secure Server CA 2
* Server certificate: COMODO ECC Certification Authority
> GET / HTTP/1.1
> Host: imrat.com
> User-Agent: curl/7.51.0
> Accept: */*
< HTTP/1.1 301 Moved Permanently
< Date: Fri, 14 Apr 2017 10:40:07 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=d9d686fcac05dfbd17acdac63f338dee91492166407; expires=Sat, 14-Apr-18 10:40:07 GMT; path=/; domain=.imrat.com; HttpOnly
< Location: https://imrat.com/
< Server: cloudflare-nginx
< CF-RAY: 34f60b8f5d690cb3-LHR
<head><title>301 Moved Permanently</title></head>
<center><h1>301 Moved Permanently</h1></center>
* Curl_http_done: called premature == 0
* Connection #0 to host imrat.com left intact
3. Circumvent CloudFlare
What was unclear to me was whether this redirect was issued / caused by CloudFlare or Medium.
So next step I eliminated CF and made the request direct to one of the Medium IPs.
I temporarily updated
/etc/hosts on my Mac, and added a medium IP with my domain:
Then I made another
curl request like before and you can see that it responds with a 302 redirect.
$ curl -v https://imrat.com# ... abbreviated ...* Connected to imrat.com (220.127.116.11) port 443 (#0)
* Server certificate: imrat.com
< HTTP/1.1 302 Moved Temporarily
< Location: https://medium.com/m/global-identity?redirectUrl=https://imrat.com/
Ah that looks more like it.
Like you can see above with the test using Signal v Noise, there is that redirect via https://medium.com/m/global-identity.
4. How does Medium handle HTTP requests
My next step was to figure out how Medium handles non-SSL requests.
$ curl -v http://imrat.com# ... abbreviated ...< HTTP/1.1 301 Moved Permanently
< Location: https://imrat.com/
After this check, I removed the Medium IP from the
/etc/hosts so requests would again go via CloudFlare.
5. The cause … maybe
I am not sure about this but what seems to be happening is that CloudFlare is receiving the 301 redirect from Medium, because somehow Medium is receiving an HTTP request from CloudFlare?
CloudFlare SSL settings were set to
Full so this should not be happening according to their documentation.
Only when SSL is set to Flexible, will the request to Medium (Origin server) be issued with HTTP.
6. Confirmation of fix
To eliminate SSL mode as the cause or fix it — I set the SSL mode (under Crypto settings) to
I reloaded my site …. and …. result!
And around the same time, I got confirmation from CloudFlare support and Medium Support.