ogo
Typetale
ogo
Typetale
  • Features
  • Pricing
  • Blog
  • What's new
  • FAQs
  • About
Start free trial
ogo
Typetale

The fastest way to launch your Ghost publication. Managed hosting with all the features you need to grow your audience.

Product

  • Features
  • Pricing
  • What's New
  • FAQ
  • Start Free Trial

Compare

  • vs WordPress
  • vs Substack
  • vs Medium
  • vs Ghost Pro

Alternative to

  • Ghost Pro
  • Substack
  • WordPress

Resources

  • About
  • Blog
  • Help Center

Legal

  • Privacy Policy
  • Terms of Service
  • SLA & Uptime
  • Refund Policy

Stay updated

Get the latest news, feature releases, and updates from Typetale delivered to your inbox. No spam, unsubscribe anytime.

© 2026 Typetale. All rights reserved.
GDPR-compliant • EU servers • Privacy-first analytics
Built with by the Typetale team

Troubleshooting Guide: Fixing Ghost CMS Cloudflare SSL Redirect Loops

By Tilak Sasmal — Thu Jun 11 2026

3 min read

Troubleshooting Guide: Fixing Ghost CMS Cloudflare SSL Redirect Loops

Getting locked out of your website by an infinite redirect loop is incredibly frustrating. Seeing the "Too Many Redirects" error page can feel like a dead end when you are ready to publish new content. In this guide, you will learn why this error happens when combining Cloudflare with Ghost CMS and see exactly how to fix it in five minutes.

Why Cloudflare SSL Mismatches Break Ghost Blog Optimization

Integrating a content delivery network is a standard step for Ghost blog optimization, but configuration errors will crash your site. The problem happens when Cloudflare and Nginx have mismatching SSL settings. If Cloudflare expects secure traffic but Nginx answers with unsecure protocols, your site will loop infinitely.

This behavior usually triggers when your Cloudflare SSL mode is set to "Flexible." Flexible SSL encrypts traffic from the visitor to Cloudflare but sends unencrypted HTTP traffic to your host. Since Ghost forces secure HTTPS connections, it rejects the unencrypted traffic and sends a redirect response, starting the loop.

How to Set Cloudflare SSL to Full (Strict)

To stop the redirect loop on your self-hosted site, you must update your Cloudflare encryption settings. If you are completing a self-hosted Ghost migration or general Ghost migrate task, changing your Cloudflare SSL setting to "Full (Strict)" resolves security handshake conflicts. This tells Cloudflare to encrypt requests all the way to your origin server, satisfying Ghost's security requirements.

Before switching to Full (Strict), verify that your Nginx server has an active Let's Encrypt certificate installed. This configuration guarantees that encrypted traffic flows correctly through the proxy to the backend. It also ensures web browsers load your site securely without security warnings.

Adjusting Nginx Configuration Headers

If you are running your application via a Ghost Docker migration, Nginx must pass headers to let Ghost know the incoming connection is secure. Docker (a containerization tool that packages software into virtual environments) isolates the Ghost service, making it unaware of Cloudflare's SSL proxy layer. Without these headers (metadata sent along with HTTP requests to provide context to the server), Ghost assumes the connection is unsecure.

Add the following lines to your Nginx location block to forward the correct headers into your container:

proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

These parameters let Ghost know that Cloudflare successfully handled the SSL handshake. Once Nginx passes these variables, Ghost stops sending redirect instructions to your visitors.

Verifying SSL Settings During Host Transfers

When you transfer Ghost blog to new host servers, ensuring your proxy configurations match is essential to prevent downtime. Copying database files without setting up your SSL keys on the new server will trigger redirect errors. Always verify that your new server is ready to handle HTTPS requests before routing live domain traffic.

Check the table below to see how different Cloudflare SSL configurations behave on your server.

Cloudflare SSL Mode Browser to Cloudflare Cloudflare to Origin Server Origin SSL Requirement
Flexible SSL Encrypted (HTTPS) Unencrypted (HTTP) None (Triggers Ghost redirect loop)
Full SSL Encrypted (HTTPS) Encrypted (HTTPS) Self-signed certificate allowed
Full (Strict) SSL Encrypted (HTTPS) Encrypted (HTTPS) Valid CA certificate required (Recommended)

Comparing Managed Ghost Hosting to Self-Hosted Proxy Maintenance

Self-hosting Ghost behind a proxy requires you to configure and manage Nginx, SSL certificates, and Cloudflare rules manually. If you prefer to avoid editing server blocks, conducting a Ghost hosting comparison highlights simpler hosting options. Selecting managed Ghost hosting platforms offloads SSL certificate management to the hosting provider.

For writers who want to avoid reverse proxy errors entirely, executing a Ghost to Typetale migration or moving from Ghost(Pro) to Typetale is a great path forward. Typetale integrates edge caching and automated SSL configuration into the platform. This lets you connect custom domains instantly without touching server code or Nginx files. Below is a comparison to help you find the best managed Ghost hosting setup or alternative.

Conclusion

Cloudflare SSL redirect loops are easy to fix once you understand the handshake protocol between Nginx and the edge proxy. Always set your Cloudflare mode to Full (Strict) and ensure your Nginx server block forwards the secure protocol header.

If managing server security and proxy configs consumes too much of your time, choosing an automated platform like Typetale lets you focus on publishing.

An end-to-end secure SSL connection protects your readers and stops loop errors before they start.

Read more

Ghost 6: Ghost CMS SQL Injection (v3.24.0 – v6.19.0)
Ghost 6: Ghost CMS SQL Injection (v3.24.0 – v6.19.0)

The cybersecurity community has identified a significant vulnerability within the Ghost CMS ecosystem. This is a third-party advisory intended to inform all administrators, developers, and stakeholder…

Tilak Sasmal•Feb 18, 2026•2 min read
Welcoming Ghost 6 native analytics
Welcoming Ghost 6 native analytics

We are going to deprecate the OG Plausible analytics in Favour of Ghost 6 introduced a native analytics. Read the post to know when we are going to sunset the OG Analytics.…

Tilak Sasmal•Sep 21, 2025•2 min read
Ghost 6 now on typetale!
Ghost 6 now on typetale!

Ghost 6 is now on Typetale! We've made some key changes to the official version to ensure your data stays private and your social network has no limits. Read on to learn how we're making Ghost 6 even …

Tilak Sasmal•Sep 18, 2025•2 min read
Feature drop from Typetale
Feature drop from Typetale

✨ Greetings, wonderful typetale community! Merry Christmas 🎅 As we wrap up this incredible year, I hope you're finding joy and good health in these festive moments! I'm excited to share my first fea…

Tilak Sasmal•Dec 25, 2024•1 min read