I have a
* entry in Cloudflare as a
CNAME record. I’d like to take advantage of the Cloudflare SSL certificates, so I would like to actively proxy this entry. According to the UI, right now Cloudflare is is doing DNS only on this path.
The confusing part is that based on my logs, it looks like the traffic would be actively proxied:
x-forwarded-forhttp header returns an IP that belongs to Cloudflare
cf-connecting-iphttp header is populated and I see my computer’s IP there
- I see my separate subdomains in
- When I inspect my SSL certificate in the browser, I see Cloudflare as the issuing authority
So, my question is:
Is my traffic actively proxied through Cloudflare? It looks like it, but the UI tells me that’s not the case. Or There is a UI bug in Cloudflare that shows me that this route is DNS only, when it’s actually actively proxied?
CNAME in general seems to support active proxying in general, but then Why does this route only prevent me from doing that?. I couldn’t find any official docs for
* CNAME records.
Couldn’t decide if this question should be a support ticket or posted on the community forum, so I decided for the more public instance in this case.
Why do I need a * CNAME record?
Reading my post, it feels like this would be the first question on your mind, so I’ll go ahead and answer it.
The webapp is hosted on Vercel. The * allows me to setup any subdomain for my domain in Vercel, without having to keep track of the subdomains in both places. My setup is the recommended Vercel way of using Cloudflare: https://vercel.com/knowledge/using-cloudflare-with-vercel