Cloudflare!

MOST AWESOME EVER

While we wait for https://letsencrypt.com.

I wanted some https on my site, mainly for being able to sign in on this specific blog more safely, and because SSL is a common pain in the ass to set up.
And, being the cheap bastard I am, I wanted it for free!

To set this up, I signed up for a free [cloudflare.com](https://cloudflare.com) account.

The guide wanted me to use Cloudflare's DNS, to be able to do its black arts.
There was an issue with where it thought my DNS was hosted at the time
of changing, as it did not refer to my registrar.

When this was resolved, Cloudflare started doing its thing, and I was pleasantly surprised by how smooth it was. Usually, I have to fight a million different issues every time I do something like this for the first time.

I started off with Flexible SSL and I got ssl, on the main domain, and the subdomains. SEXY.

This meant that a visitor would see my site as secured by Cloudflare's SSL certificate, but the traffic from Cloudflare to my server was sent over http. This was not good enough.


I read Cloudflare's guide for creating a self-signed certificate and executed it with a modified template, so that all references to ragesheep.com were prefixed with *. to support my subdomains (since it was self-signed, eh?) and put it on my server (remember to rename the files to fit nginx-proxy's naming conventions).

I put it in my host's etc/somewhere, and linked the folder to a virtual directory within the nginx-proxy-docker container. This meant that the nginx-proxy was terminating all https traffic to *.ragesheep.com.
No changes to my other containers were necessary. MAGIC.

Now, I switched my Cloudflare crypto setting from SSL-Flexible to SSL-Full. Cloudflare lets its server communicate with my backend over https, regardless of the signer of my host's SSL certificate. There are some security issues with this however, but I let it slide.
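The certificate step and the "regardless of the signer" caveat above, as an added example (not the commands from Cloudflare's guide or the template used for this site): it creates a self-signed wildcard certificate named the way nginx-proxy expects wildcard certificates, checks which hostnames it covers, and shows that a client validating against the system trust store rejects it while a client pinning it accepts it. Assumptions: OpenSSL 1.1.1 or newer, a temporary directory standing in for the mounted certs folder, constructed sample hostnames, and an extra SAN for the bare domain.

```bash
#!/usr/bin/env bash
# Added example (constructed): self-signed wildcard origin certificate.
set -eu
DOMAIN="ragesheep.com"   # domain from the post

# Create key + cert. SANs cover one level of subdomains and, as an assumption
# of this example, the apex too. Files use nginx-proxy's wildcard naming:
# <domain>.crt and <domain>.key. Needs OpenSSL 1.1.1+ for -addext.
make_origin_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=*.${DOMAIN}" \
        -addext "subjectAltName=DNS:*.${DOMAIN},DNS:${DOMAIN}" \
        -keyout "$1/${DOMAIN}.key" -out "$1/${DOMAIN}.crt" 2>/dev/null
    chmod 600 "$1/${DOMAIN}.key"
}

# Does the certificate in $1 cover hostname $2?
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# Chain check against the system trust store, as a validating client would do.
verify_public() { openssl verify "$1" >/dev/null 2>&1; }

# Chain check with this one certificate pinned as an added trust anchor.
verify_pinned() { openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; }

certs="$(mktemp -d)"     # stand-in for the folder mounted into nginx-proxy
make_origin_cert "$certs"
# Hostnames below are constructed samples.
for h in "blog.${DOMAIN}" "${DOMAIN}" "a.b.${DOMAIN}"; do
    if covers_host "$certs/${DOMAIN}.crt" "$h"; then
        echo "covered:     $h"
    else
        echo "NOT covered: $h"
    fi
done
if verify_public "$certs/${DOMAIN}.crt"; then
    echo "system trust store: accepted"
else
    echo "system trust store: rejected (self-signed)"
fi
if verify_pinned "$certs/${DOMAIN}.crt"; then
    echo "pinned trust anchor: accepted"
fi
```

A wildcard entry only matches one label, so `a.b.ragesheep.com` is not covered, and the bare domain is covered only because of the extra SAN. Because SSL-Full skips the signer check, any certificate presented on the path between Cloudflare and the backend would be accepted just like this one.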

To allow myself to ssh into my box, I added a new subdomain to the front, and let it through Cloudflare's service without any interception and magic.
