Hi @M4rt1n, thanks a ton. The issue seems to be the same indeed.
I am a little confused on how to set HTTPS on an S3 target. Can’t find any straightforward method. I know it can be done through CloudFront and ACM. But I am looking to connect a Cloudflare CNAME to an S3 target and still serve it over HTTPS.
I am also open to any other method which can be helpful here. Any further help is appreciated.
Another way to do it would be to use Flexible SSL for your sub-domain or that CNAME record, using a Page Rule to configure it as described here:
Which reminds me just like Google Cloud Storage when configuring, I had to add a sub-domain within a CNAME record being and then creating a Page Rule to have Flexible SSL for that hostname (sub-domain), while having Full SSL for a primary domain.
Not a great option, but worked for me.
But, keep in mind “from user to Cloudflare” would be HTTPS, but “from Cloudflare to S3” over HTTP.
Learn more about why Flexible SSL is not a recommended choice from this article:
In case (OP did not mention if this is his situation as mine) where you are actually “locked up” due to your “Cloudflare Partner/Provider” where there are no other options available to you to select (by default for free plan, not to mention Paid one with that one per default being disabled).
Otherwise, as already known the possibilities and hopefully if OP’s origin has an SSL cert (which is also not an option and currently cannot connect over HTTPS), regarding the mentioned link to the tutorial about “Why Flexible SSL mode is not the best choice”.
Not really. Flexible should never be an option and suggesting it is bad advice I am afraid.
You never are “locked up”. If your host is not able to provide something simple as SSL, changing host is a logical consequence. Flexible does not suddenly become secure because of your host’s incompetence (and Cloudflare’s eagerness to participate here).
Three steps to fix that, drop the Cloudflare integration, change host, and sign up for a proper account with full control.
Yes thanks to @erictung I found a good solution for that problem. Actually I tried both variants:
Use CloudFront as CDN
Use Cloudflare Workers
Workers turned out to be more cost efficient. I forked the Tutorial from Signalnerve on GitHub and added S3 support (instead of Google Cloud) and request of origin server instead of bucket error. You can find it here: GitHub - nilo-byte/assets-on-workers
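The Workers approach from the last post, sketched as an added example (this is not the code from the linked repository and was not written by anyone in the thread): the Worker fetches the asset from S3 over HTTPS, so the Cloudflare-to-bucket leg is encrypted, and asks the origin server when the bucket returns an error. The host names and the function names `upstreamUrl` and `serveAsset` are hypothetical placeholders.

```javascript
// Assumed placeholder hosts (not from the thread); replace with your own.
const S3_HOST = "example-bucket.s3.amazonaws.com"; // S3 REST endpoint, reachable over HTTPS
const ORIGIN_HOST = "origin.example.com";          // fallback origin server

// Map the visitor's URL onto an upstream host, always over HTTPS, so the
// Cloudflare-to-upstream leg is encrypted (unlike Flexible SSL).
function upstreamUrl(requestUrl, host) {
  const url = new URL(requestUrl);
  url.protocol = "https:";
  url.host = host;
  url.port = ""; // drop any non-default port carried over from the visitor URL
  return url.toString();
}

// Try the bucket first; if S3 answers with an error (for example 403/404 for
// a missing key), request the origin server instead of returning the bucket error.
async function serveAsset(request, fetchImpl = globalThis.fetch) {
  const originUrl = upstreamUrl(request.url, ORIGIN_HOST);
  // Only read requests go to the bucket; everything else goes to the origin.
  if (request.method !== "GET" && request.method !== "HEAD") {
    return fetchImpl(originUrl, request);
  }
  // Send only the method to S3: visitor cookies and auth headers stay out of
  // the bucket request.
  const s3Response = await fetchImpl(upstreamUrl(request.url, S3_HOST), {
    method: request.method,
  });
  if (s3Response.ok) {
    return s3Response;
  }
  return fetchImpl(originUrl, request);
}

// Register the handler when running inside a Worker (service-worker syntax).
if (typeof addEventListener === "function") {
  addEventListener("fetch", (event) => event.respondWith(serveAsset(event.request)));
}
```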