Secure on Cloudflare

Hi,
I don’t know if we can do that with Cloudflare, but when a user types

www.testamentfacile.com

I would like it to go directly to https…

I have a web application on OVH which uses Spring Boot (Tomcat port 8080).

On the OVH server I do
firewall-offline-cmd --add-forward-port=port=80:proto=tcp:toport=8080

In Cloudflare, SSL is set to Flexible.

setup in Cloudflare

Is it possible to do what I want with Cloudflare?

In which case you have a security issue to begin with. You first need to secure your server.

For your use case Apache Tomcat 10 (10.0.21) - SSL/TLS Configuration How-To.

Or you put Apache in front of it and handle SSL there.

1 Like

Spring Boot 2.6x uses Tomcat 9… is there any info on setting it up with Cloudflare?

Just check out the documentation for version 9, I am sure there’ll be a similar part covering SSL. And if you put Apache in front, that does not even matter, as Apache is compatible with all versions.

1 Like

Do I need to use an Origin server certificate or a client certificate from Cloudflare (SSL/TLS)?

You need an Origin certificate or any other publicly trusted certificate.

You do not need a client certificate, as that would be only for client authentication, which you do not need for SSL.

So have you configured the certificate now?

Spring Boot application with SSL uses port 8443
sudo firewall-offline-cmd --add-forward-port=port=80:proto=tcp:toport=8443
sudo firewall-offline-cmd --add-forward-port=port=443:proto=tcp:toport=8443
sudo firewall-cmd --reload

I followed the steps here

I just get the same issue…

If I set the SSL/TLS encryption mode to Full

that works

Full is not secure either. You really need to get this working on Full Strict.

You just need to configure the right certificate, right now you have an invalid one.

I understand what you say, but it’s not very clear how to get a valid one.

That’s covered by the article I posted in the very first response, plus as I mentioned you can use any publicly trusted certificate.

Spring Boot uses Tomcat… but configuring Tomcat directly is not the way to go with this framework.

Convention over configuration…

We need to set only a few values in the config

server.port=8443
server.ssl.key-store=classpath:springboot.p12
server.ssl.key-store-password=password124
server.ssl.keyAlias=springboot1234
server.ssl.key-store-type=pkcs12

Well, how you get the certificate configured is something for whatever tool you are using and that would be beyond the scope of the forum here.

The bottom line is, whatever server you are using, you need to make sure it is properly configured for SSL.
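The thread leaves open how a certificate and key in PEM form end up in the PKCS#12 file that the `server.ssl.*` properties above point at. The following is an added example, not part of the original thread or any poster's code: it packages a PEM certificate and key with `openssl`, refusing a key that does not match the certificate. The file names `origin.pem`, `origin.key`, `keystore.pass` and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Packages a PEM certificate (for instance a Cloudflare Origin
# certificate or any publicly trusted one) and its private key into a PKCS#12
# keystore for Spring Boot. File and function names here are hypothetical.
#
# Matching Spring Boot settings (property names as posted in the thread):
#   server.ssl.key-store=<path to OUT_P12>
#   server.ssl.key-store-type=pkcs12
#   server.ssl.keyAlias=<ALIAS>
#   server.ssl.key-store-password=<contents of PASSWORD_FILE>

# make_keystore CERT_PEM KEY_PEM OUT_P12 ALIAS PASSWORD_FILE
make_keystore() {
    cert=$1; key=$2; out=$3; alias=$4; passfile=$5

    # Extract the public key from both files; a mismatch means the wrong
    # key was downloaded or the files were mixed up between hosts.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi

    # umask keeps the keystore readable by its owner only; the password is
    # read from a file so it never appears in the process list.
    ( umask 077
      openssl pkcs12 -export -in "$cert" -inkey "$key" -name "$alias" \
          -out "$out" -passout "file:$passfile" )
}

# keystore_subject P12 PASSWORD_FILE
# Prints subject and expiry of the leaf certificate stored in the keystore,
# to confirm what the server will actually present.
keystore_subject() {
    openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -subject -enddate
}

# Stand-alone use: sh script.sh origin.pem origin.key springboot.p12 alias keystore.pass
if [ "$#" -eq 5 ]; then
    make_keystore "$@" && keystore_subject "$3" "$5"
fi
```
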

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.