Is Cloudflare strict SSL still worth it with Cloudflare Tunnel?

Cloudflare strict SSL requires an Origin certificate or a trusted SSL certificate from Let’s Encrypt, which encrypts the traffic between Cloudflare and the server.

But when I set up Cloudflare Tunnel, WordPress or WooCommerce use port 443 on localhost, so it requires an SSL certificate. So I installed an Origin certificate and set noTLSVerify; after that it was working.

My question is, in the documentation it states that after setting noTLSVerify,

Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted

If setting up Cloudflare Tunnel would allow any certificate, and if Cloudflare strict SSL only requires a Cloudflare CA or trusted CA, then is Cloudflare Tunnel less secure than Cloudflare strict SSL?

Please help clear my doubt, thanks to all.

Is it recommended to use Cloudflare Tunnel with an e-commerce website like WooCommerce?

Tunnel pretty much skips over SSL/TLS mode, but I leave it set to Full (Strict) in case I stop using Tunnel for that domain and need to revert to a traditional setup. I never want to leave anything set to less than Full (Strict).
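
The trade-off raised in the question, as an added example that is not part of the thread: a cloudflared `config.yml` ingress rule with the `noTLSVerify` setting shown beside a verified alternative that uses `caPool` and `originServerName`. The tunnel ID, file paths and hostname are placeholders, and the CA file is assumed to be the root certificate of whichever CA issued the origin's certificate.

```yaml
# cloudflared config.yml (added example; tunnel ID, paths and hostname are placeholders)
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  - hostname: shop.example.com
    # cloudflared connects to the web server over HTTPS on the same host
    service: https://localhost:443
    originRequest:
      # Setting described in the thread: cloudflared accepts any
      # certificate the origin presents, so the origin is not authenticated.
      # noTLSVerify: true

      # Verified alternative: trust only the CA that issued the origin
      # certificate (assumed path to that CA's root certificate in PEM form).
      caPool: /etc/cloudflared/origin_ca_root.pem
      # The connection goes to "localhost", so tell cloudflared which
      # hostname the certificate is expected to carry.
      originServerName: shop.example.com

  # Required catch-all rule for requests that match no hostname above
  - service: http_status:404
```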


@sdayman Thanks a lot, but should I use it with e-commerce? Also, can I not directly expose WordPress with cloudflared without any web server like nginx?

If I may add here, or maybe this should be another topic, I would like to know the answer to a related topic about using Cloudflared Tunnel with an e-commerce website, including the part if we lock our server.

Like, as far as if we lock our server firewall ports only to the SSH port, but WooCommerce sends an e-mail to the customer upon placing an order, the server has to have a port like SMTP (25?) open to be able to establish the connection and send the e-mail, even when using the WP Mail SMTP plugin configured to an external e-mail exchange/server, if I am right and understand it correctly from the Docs?

  • or rather “lock only incoming traffic” to these ports, but allow outgoing so it would be able to send out that e-mail?
  • or it would work normally (even with port 25 closed), but again only if using WP Mail SMTP with external mail server, not the one as where the website is hosted and using cloudflared tunnel as far as WordPress could also send some e-mails like “new user/customer” or “error here”, etc. …

I haven’t tried this approach yet.

WordPress sends emails via the wp_mail() method, which, by default, needs port 25 to be enabled in your php.ini settings:

For this function to work, the settings SMTP and smtp_port (default: 25) need to be set in your php.ini file.

Or am I wrong, and if using an external mail server with the WP Mail SMTP plugin, it would work even if the port is closed (inbound or outbound, or both?)?

I am able to send email using AWS SES from a WooCommerce site behind cloudflared with no problem using WP Mail SMTP. I have no idea about the port, but I am using only default settings.

Closed ports on the server or?

I don’t use iptables, and my AWS EC2 security group doesn’t have any port open for 22 or 25.

By default the security group has blocked every single incoming request and only allows outgoing connections.

