I’m trying to set up Cloudflare to redirect to a static web client hosted in an Amazon S3 bucket. It all works great until I try to set up the CNAME DNS record in Cloudflare.
@sandro OK, I think you might have isolated the problem! I use Cloudflare for a bunch of other subdomains associated with this domain and I have the SSL setting in Cloudflare set to always on (full). So this was sending a request to AWS via SSL which AWS was refusing.
I guess if you set the SSL setting to ‘flexible’ it will allow non-SSL traffic between Cloudflare and AWS. Unfortunately when I tried this it brought down the other (live) sub-domains - so there was a moment of panic there!
I’m going to have to have a think about this one I think. Might be better just to set up a file server on Digital Ocean or something so a) the CNAME is just an IP address and b) you can cheaply and easily install SSL certificates if you need them.
You could use a page rule to set it to Flexible for that specific host, however I generally advise against Flexible. It’s quite deceiving to users: the connection appears to be encrypted, but that encryption vanishes the moment the connection continues on to your server.
Agree, not sure about this from a security point of view. I was keen to do this with AWS because, well, that just seems to be the way everyone does this. But file servers and SSL certs are cheap as chips and I think that’s really the correct way to do this - you can’t say the connection is secure when half the connection is not secure.
Precisely! I can understand why Cloudflare is offering it, but IMHO they really shouldn’t.
Anyhow, I am glad it’s working, but I’d really recommend using it only as a temporary workaround and setting up a proper SSL environment on your Amazon instance. Otherwise simply use the same page rule to turn off HTTPS for that host and it will be at least transparent that there is no encryption in place.