I’m using Vultr as my provider, and Cloudflare as my registrar/DNS provider. Vultr has a setting in the firewall that specifically allows Cloudflare IPs in. I’ve set a rule to allow 443 (and 80, just to test) from Cloudflare IPs, and block HTTPS from all others.
In Cloudflare, I have both my A record and my CNAME (www) set as proxied through Cloudflare. When I only allow HTTPS from Cloudflare, I get a 524 error from Cloudflare. If I add a rule in Vultr to allow HTTPS from 0.0.0.0/0, then everything works. I have also tried changing SSL mode from Strict to Full and back, but this makes no difference.
I’ve asked Vultr about this, and their response was basically “setting source to Cloudflare allows Cloudflare IPs in only”. This wasn’t super helpful, but I’m wondering if it’s something on the Cloudflare side.
FWIW, I’m using Let’s Encrypt on my Vultr server, so full/strict should both work.
Am I missing something here? Basically I want to block all access to my site unless it goes through Cloudflare.
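
One way to audit the setup described in the post, as an added example that is not part of the original post: compare the source networks the origin firewall admits on 443 against Cloudflare's published ranges, reporting both the Cloudflare ranges that are not admitted and the rules that admit more than Cloudflare. The function names are hypothetical, `ALLOWED` is constructed, and `PUBLISHED` is an assumed sample subset to be replaced with the current lists at https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6.

```python
import ipaddress

# Sample subset of Cloudflare's published ranges, for illustration only
# (assumption: may be incomplete or outdated; load the current lists instead).
PUBLISHED = ["173.245.48.0/20", "104.16.0.0/13", "2606:4700::/32"]

# Constructed example of source networks allowed to reach 443 at the origin firewall.
ALLOWED = ["173.245.48.0/20", "104.16.0.0/14", "203.0.113.0/24"]


def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


def uncovered(published, allowed):
    """Parts of the published ranges that no allow rule admits (proxy traffic dropped)."""
    gaps = []
    for pub in _nets(published):
        remaining = [pub]
        for rule in (a for a in _nets(allowed) if a.version == pub.version):
            nxt = []
            for r in remaining:
                if r.subnet_of(rule):
                    continue                             # fully admitted by this rule
                if rule.subnet_of(r):
                    nxt.extend(r.address_exclude(rule))  # keep the part not admitted
                else:
                    nxt.append(r)                        # CIDRs are nested or disjoint
            remaining = nxt
        gaps.extend(remaining)
    return sorted(gaps, key=lambda n: (n.version, n))


def overbroad(published, allowed):
    """Allow rules that admit addresses outside the published ranges (direct access)."""
    pubs = _nets(published)
    return [a for a in _nets(allowed)
            if not any(a.version == p.version and a.subnet_of(p) for p in pubs)]


if __name__ == "__main__":
    print("Cloudflare ranges not admitted:", [str(n) for n in uncovered(PUBLISHED, ALLOWED)])
    print("Rules wider than Cloudflare:  ", [str(n) for n in overbroad(PUBLISHED, ALLOWED)])
```

An empty result from both functions means the allow list matches the published ranges exactly; the IPv6 entry matters only if the origin has an AAAA-reachable address.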