Self-hosting, DNS, proxy, www, SSL. going bit mad

Hello there community.
Maybe someone can help clear up a few things.

I self-host a website, and it actually works fine. https works, and with and without www.
But subdomains and https drives me a bit mad. So the www is a leftover from history of the internet in a way, it wouldn’t be needed but people may type it in their browser, so I want it.

I know that Cloudflare does not support the use of two sub-domains and still having SSL work unless you upgrade your plan, so…

www.sub1. example. com wont work, but sub1. example. com will.

But I dont’t actually need people to have www visible in their browser, so can’t I just re-direct them, right?, or?.
If possible where would I do it?. Would it not be possible at visitors first contact with Cloudflare?. A CNAME that says www.sub1. example. com should go to sub1. example. com (disable proxy maybe?).
OR should this always be a redirect on the webserver itself?.

To complicate things a bit maybe, then I also run a local nginx proxy, so in a way there can be double proxy, Cloudflare and mine.

My nginx proxy is where my “let’s encrypt” certificates are handled.
There I can also be a bit confused about if I really need certificate for both www and non-www. Or if id even need at all since the site actually just shows Cloudflares certificate. I guess it needs it for secure connection all the way to my server.
But my config files in nginx don’t actually even have both certificates pointed to, www and non-www.

My dns records I have been messing around in so much I barely recall my normal setup was, but right now.
A public-IP
A sub1 public-IP
A sub2 public-IP
A www public-IP

No matter what, can’t be set to :orange: and HTTPS, unless you get the $10/month dedicated SSL with custom hostnames.

If your Crypto setting is “Always Use HTTPS,” which it should be, you can’t use :orange: for second level subdomains. It will have to be :grey: and your server will have to handle the redirect.

As for Let’s Encrypt on your server…it should cover everything, just in case you turn off Cloudflare and want to go direct to your server. It’s free and easy to get LE to cover all those subdomains.


Thanks :).

So, yes, I should be able to, so long as long as I dont proxy :orange: (feel like I need all cut in cardboard right now :smile:

So… it would be something like…

A Example. com public-IP :orange:
A www public-IP :orange:
A www.sub public-IP :grey: (or CNAME + :grey: ?)

And then handle redirect at my server side?.

1 Like

Set your www as a CNAME, you also don’t have to worry about your sub-domains as they should only be referred to by your domain or backlinks.

The way I do it is throughout my root level domain (i.e: if I need to navigate to a sub-domain I do it (i.e:; if you really do need to enable sub-domains to access the www CNAME which isn’t needed unless you’re making it an operator then I suppose you will have to upgrade or use your Lets Encrypt.

I’d just suggest you work on your ties a little better. It’s not as complicated as you think it is, it’s just complicated understanding it. It’s all about your structure.

I’d recommend you’d work on setting it all up first for testing purposes without including proxies because that can really help confuse things. Then, build out as you go.

What do you mean by “only be referred to by your domain” exactly, that it’s only thru links on your main site?.

Yeah, there are some things about it all that I can’t entirely put into place yet. And nope, the proxies don’t nessarily help when trying to troubleshoot it or learn more.

It’s not that I nessarily need this to work, as my subdomains mostly will be pointing to sites I would use. But it’s still really bothering :rofl: … the “www” has always bothered me, but it should be a thing to understand, as it is just a sub-domain.

It might be that id just update my plan, for peace of mind.
But before that, I will work more on this.

Yes, domain oriented only is what I was referring to. I have sub-domains I don’t allow public use of, they’re only for me and my functions so beings I know there’s a www failure that doesn’t bother me because I’m the administrator.

If it really does bother you, because you’re self-hosting (props btw I’ve always wanted to but I don’t want to handle the traffic or publish my house IP Address) then setup a “Let’s Encrypt” SSL Certificate for the locations whereas Cloudflare falls short such as the sub domains. :slight_smile:

1 Like

okay yeah :). yes it bothers me :stuck_out_tongue:.
I finally got it to work now :). I think also my browser was troubling me, for example, when visiting my sub with the www, it would actually pickup my let’s encrypt, saying it’s “valid” when i click the little lock icon… which however was showing “not secure”, but in Edge it was ok… because I hadn’t visited in there i yet guess.

And some stuff in my subdomains apache configuration I hadn’t done right, so it didn’t redirect to the non-www as I wanted it to.

And setting a A record for “www.sub1” without being proxied.

1 Like

So, Cloudflare isn’t protecting the sub-domain so you’re using Let’s Encrypt to serve it?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.