Share of Information on basic Cloudflare configuration + Query

NOTE: The comments and suggestions below of epic.network were written in relation to my initial thread of yesterday and not to this updated version that has taken into account his valuable feedback.

[A] SHARING A PIECE OF INFORMATION:

I belong to the club of dummies and hesitant beginners who are proud of having joined the Cloudflare family, but at the same time feel annoyed for not being able to take full advantage of the great number of tools offered by Cloudflare.

As a tiny contribution to the community forum, I have compiled and must say that I am very delighted as well for sharing the attached list of the items that should be given priority in order to achieve a basic initial configuration under a free plan for a domain name that is hosted by an external hosting company. This list assumes that the target hosting company provides us with a basic free SSL/TLS certificate (e.g., Let’s Encrypt).

Needless to say, this is an unofficial list of my own and I wrote it considering “to the best of my knowledge and understanding” how tools should be configured in the first place, even if amendments could be made at any time down the track (ATTENTION: Be careful as it doesn’t make sense that a novice in the field could possess knowledge and understanding of how things work). It is not that my brain is completely bereft of grey matter as I hope there are still some neurons sparkling in my brain. I am just a common Homo sapiens without any special knowledge of IT or webhosting who signed up with a free plan with the intention to create a website. Let’s hope that the attached guideline could deter beginners from running away as it could entice people to start testing the waters before jumping into the lake. I would be very grateful if someone in the community could have a look. If applicable, please feel free to highlight any mistakes or make relevant comments.

Once again, this is just a mere starting point. There is no miraculous recipe to satisfy all tastes across the board because at the end of the day settings depend on the type of Cloudflare plan as well as the complexity of websites and the capabilities of hosting company at the other end.

[B] QUERY:

It is still not clear in my mind whether or not we should install the free Universal SSL Certificate offered by Cloudflare even if Let’s Encrypt is already installed and maintained by the hosting company.

I have three pieces of feedback on your content.

  1. I recommend against using a real IP address in your guide when there are addresses reserved for such purpose. See RFC 5737 for details.
  2. Universal SSL is on the Cloudflare proxy and secures the connection to your visitors from Cloudflare, while the certificate on your origin server secures the connection between Cloudflare and your origin server. They serve different purposes and if you use the proxy, you need both.
  3. CNAME flattening is only available at the apex on free plans and cannot be disabled.

I applaud you for directing people to use Full (strict) mode and certificates on their origin. Encouraging them to seek out competent assistance is another plus. Configuring Cloudflare can be extremely challenging for beginners.

Thank you for answering and commenting.

Based on your comments on discouraging the use of real IP addresses, I will update my thread with XXXX instead of numbers and will upload the amended text and files soon.

According to the template of basic configuration I posted, then do you advise that Universal SSL could be enabled even if the site has an SSL Certificate (e.g. LE) at the hosting server?

You could use IPs from one of the documentation address blocks.

Definitely. If you don’t, you won’t be able to make an HTTPS connection to a proxied hostname without adding a paid Cloudflare SSL option.

You may want to mention that Universal SSL only covers the apex and the names one layer below.

The hostname webmail.example.com will be covered by Universal SSL but www.webmail.example.com will not.
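
The two checks raised in the replies above (Universal SSL covering only the apex and names one label below it, and using RFC 5737 documentation addresses in a guide), as an added example that is not part of any post in this thread. The function names, the record tuple layout and the sample records are assumptions made for illustration.

```python
import ipaddress

# RFC 5737 documentation blocks (TEST-NET-1, -2, -3).
DOC_NETS = [ipaddress.ip_network(n) for n in
            ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]


def covered_by_universal_ssl(hostname: str, zone: str) -> bool:
    """True if hostname is the zone apex or exactly one label below it."""
    host = hostname.rstrip(".").lower()
    apex = zone.rstrip(".").lower()
    if host == apex:
        return True
    suffix = "." + apex
    if not host.endswith(suffix):
        return False  # not a name inside this zone
    prefix = host[: -len(suffix)]
    # A wildcard label matches one label only, so no dot may remain.
    return prefix != "" and "." not in prefix


def is_documentation_ip(addr: str) -> bool:
    """True if addr is an IPv4 address inside an RFC 5737 block."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in DOC_NETS)


def review_records(zone, records):
    """records: iterable of (hostname, ipv4, proxied); returns findings."""
    findings = []
    for host, addr, proxied in records:
        if proxied and not covered_by_universal_ssl(host, zone):
            findings.append((host, "proxied but outside Universal SSL coverage"))
        if not is_documentation_ip(addr):
            findings.append((host, "address is not in an RFC 5737 block"))
    return findings


# Constructed sample records for a guide written about the zone example.com.
SAMPLE = [
    ("example.com", "192.0.2.10", True),
    ("webmail.example.com", "198.51.100.7", True),
    ("www.webmail.example.com", "203.0.113.5", True),
    ("ftp.example.com", "10.0.0.5", False),
]

if __name__ == "__main__":
    for host, issue in review_records("example.com", SAMPLE):
        print(f"{host}: {issue}")
```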

Thank you epic.network. I will wait until tomorrow in case any other expert could provide additional feedback and then I will amend the list to make it definitive. Of course, it is just a rough initial guideline to have it handy because it is something more or less similar all beginners like myself need to start cranking the machine. Otherwise we have no idea what to choose or disregard.
