How does SSL work when using cloudflare tunnel

I am trying out Cloudflare Tunnel and I am unable to understand how exactly SSL works in this regard. My SSL mode is set to Full(Strict) in the dashboard, yet I am able to expose a website that doesn’t have any certificate configured. I am running my cloudflared daemon using cloudflared tunnel run tunnel-id and the TUNNEL_URL env var set to http://192.168.0.1/.

I thought that setting the SSL mode to Full(strict) would make serving a trusted certificate in my app mandatory but it still seems to work.

How exactly does SSL work in Tunnel? Is the connection between Cloudflare and my tunnel endpoint secure in this case?

https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/#how-it-works

cloudflared establishes encrypted outbound connections with Cloudflare’s edge and your users are hitting the website over HTTPS to Cloudflare’s edge.

Whether cloudflared talks to your origin (i.e. 192.168.0.1) over HTTPS is up to your configuration, but if they’re on the same server then HTTPS would be pointless.

user <https> cloudflare <https> cloudflared <http/https> origin

1 Like

When you say “cloudflared”, you mean the daemon running on my system, right? Say cloudflared is running on “SystemA” and the app is hosted on “SystemB” (assuming both are on the same LAN): it is correct to say that the connection up to “SystemA” is encrypted by Cloudflare. What happens between SystemA and SystemB is up to me (whether I do SSL or not). Did I get you right?

From Cloudflare to the cloudflared daemon on SystemA, yes.

Yes.

2 Likes
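
The cloudflared-to-origin hop discussed above, written as a cloudflared config.yml with the plaintext setup from the question beside a TLS-verified one. This is an added example, not part of the original thread or Cloudflare's documentation; the hostnames, file paths, ports and tunnel ID are placeholders, and only 192.168.0.1 comes from the question.

```yaml
# config.yml for cloudflared (added example; all names and paths are placeholders)
tunnel: <TUNNEL-ID>
credentials-file: /etc/cloudflared/<TUNNEL-ID>.json

ingress:
  # As in the question: cloudflared reaches the origin over plaintext HTTP.
  # The edge-to-cloudflared connection is still encrypted; only this LAN hop
  # (SystemA -> SystemB in the thread) is unprotected.
  - hostname: app.example.com
    service: http://192.168.0.1:80

  # Same origin reached over TLS, with cloudflared verifying the certificate.
  - hostname: app-tls.example.com
    service: https://192.168.0.1:443
    originRequest:
      # Name cloudflared expects on the origin certificate (needed here
      # because the service URL uses an IP address, not a hostname).
      originServerName: app.internal.example
      # CA bundle that signed the origin certificate (e.g. an internal CA).
      caPool: /etc/cloudflared/internal-ca.pem
      # Default is false; setting it to true encrypts the hop but skips
      # certificate verification, so the origin is not authenticated.
      noTLSVerify: false

  # cloudflared requires a final catch-all rule.
  - service: http_status:404
```

With this file in place the tunnel is started with `cloudflared tunnel --config config.yml run`, and the TUNNEL_URL variable is no longer needed.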
