This always bites me when setting up a WordPress site on Laravel Forge: You get a redirect loop. This article is therefor mostly written for myself.
The reasoning for this is fairly simple: When the SSL option is set to flexible, Cloudflare does SSL offloading for you. This means that it receives the (https) request, and sends the request on to your server unencrypted. The URL in the WordPress configuration contains https, so WordPress invalidates the request and redirects you to the correct route, which is the exact same. Cloudflare requests the same url, WordPress invalidates the request and redirects, etc.
The steps to fix this are fairly simple but must be done in this order:
1. Make sure the SSL is set to flexible. This makes sure we can request a (Let’s encrypt) certificate. This needs to request a url to validate you own the domain.
2 . Log in on Laravel Forge and install a (free Let’s Ecnrypt) SSL certificate.
3. Go back to Cloudflare and change SSL to Full or Full (strict).
That’s it. Cloudflare now routes the requests to your server on port 443. WordPress sees a valid request and serves the requested page.