S3 Bucket + CloudFlare

Hi CloudFlare folks!

I’ve been pulling my hair out for the last two days trying to figure this out. I’ve gone through pretty much all of the related topics here and still can’t get this to work. I feel like I’m missing something super simple :frowning:

Essentially I have a small site based on GoDaddy, the namespaces of which I’ve set to the CloudFlare ones during setup, so all the DNS stuff is being managed here now. I want to make a web app that will involve users uploading their own media, and I figured it would be better to have the content uploaded to S3 and serve through the CloudFlare CDN to be awesome.

I made an S3 bucket called cdn.thefyrewire.com, made sure it had the right policies attributed (access is only available to CloudFlare IPs), enabled static website hosting, which gave me the http://cdn.thefyrewire.com.s3-website-us-east-1.amazonaws.com/ link.

I went to CloudFlare, added the site, then added a CNAME with a name of cdn and content of cdn.thefyrewire.com.s3.amazonaws.com. The little cloud icon is orange (as I guess it should be) but I’ve experimented with turning it off too. However, it just doesn’t seem to work.

My ISP keeps telling me that cdn.thefyrewire.com doesn’t exist, and when I try to visit with HTTPS I get a timeout (though SSL is probably another issue entirely).

Can anyone point me in the right direction? Do I need CloudFront? I heard it’s quite expensive and this is all mostly for learning and fun so I would like to stick to the CloudFlare free plan. Thanks in advance!


Current settings
Always Use HTTPS: Off
HSTS: Disabled
Minimum TLS: 1.0
Automatic HTTPS Rewrites: On

Edit 2:

I have a Let’s Encrypt cert installed on the site over on GoDaddy, so I’m under the impression I can use the Full setting for SSL on CloudFlare? Is that correct? This still doesn’t really explain why my ISP is telling me the subdomain doesn’t exist at all :thinking:

I am able to reach your site and what appears to be the bucket, and that is where the issue occurs.
By default S3 buckets do not come with HTTPS, so full with SSL will not work. Have you tried having it on flexible and using http?

I am sorry, but that suggestion really is not a good idea.

I 100% agree that it is a terrible idea. However, without enabling HTTPS on S3 it is the only real option.

Flexible never is an option :slight_smile:

Either properly enable SSL on Amazon or disable it on Cloudflare.

Thanks for both of your replies!

I decided to go set up CloudFront and went through the Amazon Cert Manager. I removed my flexible page rule and ensured SSL in CloudFlare was set to Full. Link now has SSL and looks all pretty and hopefully all safe! :smile:

Quick question though, CloudFront is a CDN in its own right, right? So does that mean I don’t need CloudFlare anymore, or can I still benefit from it? I changed the CNAME of cdn to be the xyz.cloudfront.net link and made sure it was set to the orange proxy cloud. Will that work and help?

Thanks again!

That configuration sounds fine and “Full” is good, though “Full strict” is better. You do have a valid certificate configured there, don’t you?

I am not really all that familiar with CloudFront. It does seem to be a CDN (which Cloudflare actually is not, strictly speaking) but whether these two are complementary or if Cloudflare would actually be redundant is something I can’t comment on. For example, if CloudFront is billing you based on traffic, you could probably save some with Cloudflare because of its caching.

It’s a Let’s Encrypt cert on the main domain, and Amazon on the CDN subdomain. I’m under the impression I can only use strict if I purchase a fully certified one from a Certificate Authority, is that correct? :thinking:

True, but Let’s Encrypt is a publicly trusted CA, so that should work just fine. As long as the certificate is trusted by a browser in its default settings, “Full strict” will work.


Great, thanks for your help!
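
An added example, not part of the thread: a small Python probe for the point made in the replies above, that “Full” needs the origin to answer over HTTPS and “Full strict” needs a certificate a default client trusts. It assumes the local system trust store as a stand-in for Cloudflare's validation, and the function names `probe_origin` and `strongest_mode` are hypothetical.

```python
import socket
import ssl


def probe_origin(host, port=443, timeout=5.0):
    """Return (tls_ok, trusted) for an origin such as an S3 or CloudFront hostname.

    tls_ok  : the origin completes a TLS handshake at all
    trusted : its certificate chains to the default trust store and matches `host`
    """
    def handshake(ctx):
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True

    try:
        # Default context: chain validation plus hostname check.
        return handshake(ssl.create_default_context()), True
    except ssl.SSLCertVerificationError:
        pass  # TLS may still work, just not with a trusted certificate
    except (ssl.SSLError, OSError):
        return False, False  # refused, timed out, or not speaking TLS

    # Second attempt without verification, to tell "untrusted cert" from "no TLS".
    lax = ssl.create_default_context()
    lax.check_hostname = False
    lax.verify_mode = ssl.CERT_NONE
    try:
        return handshake(lax), False
    except (ssl.SSLError, OSError):
        return False, False


def strongest_mode(tls_ok, trusted):
    """Map a probe result to the strictest Cloudflare SSL mode the origin supports."""
    if tls_ok and trusted:
        return "Full (strict)"
    if tls_ok:
        # Caveat: a Cloudflare Origin CA certificate also satisfies strict mode,
        # but this probe reports it as untrusted (assumption: system trust store).
        return "Full"
    return "none"  # origin has no HTTPS, e.g. an S3 static-website endpoint


if __name__ == "__main__":
    import sys
    for origin in sys.argv[1:]:
        print(origin, "->", strongest_mode(*probe_origin(origin)))
```

Run it with one or more origin hostnames as arguments; a result of `none` means the origin needs HTTPS enabled before “Full” can work.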
