My CloudFlare domain currently uses port 443 into my network and I want to use port 80

I currently have a domain setup to use Full SSL/TLS. I got a certificate from LetsEncrypt and I forward all 443 traffic to a specific server.

For all of my other websites I forward them to an nginx proxy on port 80 and use CloudFlare to do the encrypting on 443 from CloudFlare to the browser.

I don’t remember how I set this up though. I want to discontinue using port 443 into my network for this domain and set it up like my other domains, but I’m not sure how to do that.

For that domain, set the SSL/TLS mode to “Off” and connections will then go over Port 80.

For all of my other websites I forward them to an nginx proxy on port 80 and use CloudFlare to do the encrypting on 443 from CloudFlare to the browser.

Won’t what you’re suggesting use http in the browser?

I still want to use https in the browser, I just want to have the connection between Cloudflare and my router use 80.

Why do you want the browser to use HTTPS, but not the server? That’s like making people ask for an apple so you can give them an orange.

Perhaps I’m not explaining this properly because this setup is common.

For all of my other domains that use CloudFlare, I use Flexible SSL/TLS. So you access my domain via https://domain.com. CloudFlare communicates with my network over port 80 and serves the website/assets over https. Those incoming requests over port 80 are all handled by an NGINX server that acts as a reverse proxy to a number of different machines in my network.

I have one website that uses Full SSL/TLS (self-signed certificate from LetsEncrypt). Visitors access my domain via https://domain.com and Cloudflare communicates with my network over port 443. All 443 requests are sent to a single server.

I no longer want that domain to use a Full SSL/TLS, I want it to behave like all my other domains. However, when changing from Full to Flexible it doesn’t seem to make a change. CloudFlare is still requesting the website/assets over port 443.

If this was common we better shut off the whole Internet as your beloved credit card number will be known by everyone.

What you want to do is deceive your visitors and pretend to have a properly secured site when in fact you do not and transfer everything in an unencrypted fashion visible to everyone.

What you need is a valid certificate with a proper SSL configuration running on port 443 on your server and “Full strict” as encryption mode. Should you really not want SSL then set it to “Off” instead as already suggested by @sdayman. Everything else is not supported.

1 Like

Do you not understand how Cloudflare Flexible SSL works?

The Flexible SSL option allows a secure HTTPS connection between your visitor and Cloudflare, but forces Cloudflare to connect to your origin web server over unencrypted HTTP. An SSL certificate is not required on your origin web server and your visitors will still see the site as being HTTPS enabled.

It’s the most used SSL option that Cloudflare offers.

There is an entire article why that is a horrible choice!

So you want to lie to your visitors and put them at risk, did I get this right?

That is plain and simple wrong.

1 Like
1 Like

Just to chime in on this as there seems to be a bit of a hate campaign against using Flexible SSL and I wanted to know what benefit FULL brings when the end user doesn’t have to enter anything whatsoever in terms of logins or anything. All they do is browse a static site.

How is Flexible manifestly “unsafe” for the end user in that instance?

Genuinely curious.

I think that is a strong word that is not really applicable here.

Flexible simply is not secure, that’s it. And if the user does not enter anything you can equally have your site on “Off”.

Security is like a pregnancy. Either there is security or there is not. There isn’t “just a bit”.

1 Like

Sure replace hate with “dislike very much” lol

Sure I see what you mean in terms of “Off” but then Google will downgrade your site, hence why Flexible is useful surely?

First of all Google will not “downgrade” you. Second, yes, Google does put a certain emphasis on SSL.

And why do you think that is?

Because only SSL provides proper transport security and there is a reason why browser manufacturers require SSL for certain features.

It really is simple, if you want SSL put your site on “Full strict”, if not set it to “Off”. A certificate really is a simple thing and can be done within a matter of minutes (even more so with Origin certificates) and it is, honestly, pointless and tiring to have to repeat this every four weeks over and over and over and over and over again because someone new comes along who believes he has what it takes to run a website but doesn’t have the faintest clue of security and just follows some random security “suggestions” some random guy made in some random video.

If you want transport security configure a bloody certificate and be done with it and don’t mislead your visitors and other Cloudflare users (“most used option”).

Is it possible to get a reply that simply tells me how to accomplish what I’m asking without a debate on why the features that Cloudflare offers aren’t secure enough?

This is Cloudflare community afterall, not Stackoverflow…

1 Like

I seriously think the word “hate” is valid when you just drop a tirade like that.

I’ll just leave this convo :+1:

Closing. @greg.johnson, use the search for this topic but what was written at

actually still applies. Install a proper certificate and don’t lie to your visitors.

1 Like