Hi,
Before I start, I would like to mention that I’m pretty old school in terms of web, pretty much html in vim, and still rolling with my ipsec vpn - so if my assumptions are stupid / wrong, please correct me and don’t be afraid to use substantial mallet while doing that. Having that out of the way:
I would like to move my website that has SSL from an external server into a local network VM. My understanding is that Cloudflare will cache stuff, and since the webpage will be very static, that should not pose much of a problem.
My edge router is pfsense based.
From what I’ve gathered so far, the best way for me would be to spin up a reverse proxy, to be able to point to my website and possibly a few other services, while automagically throwing SSL on top of all of those outside requests, while still being able to use good old plaintext internally. For that I assume that pfSense HAProxy would be the best, as pfSense could also control the certificates, but here my dilemma starts. AFAIK, Cloudflare provides certificates, but in the documentation and howtos there is a term “origin certificate” that, if I read correctly, is only intended for encryption router ↔ Cloudflare. I assume that if I were to open a free account with Cloudflare, then all requests pointing at my local services would go through Cloudflare using their own certs, while Cloudflare would then forward requests (if not cached) to my router using the “origin certificate” … right?
Additionally, I use Google for corporate email, but I can just leave a DNS (MX) record in Cloudflare for Google mail servers, and all should be OK … but some of my internal services DO generate emails that so far have worked pretty much flawlessly with Google DNS servers and have been popping up in my mailboxes without problems (like backup failures, upgrade failures etc.). I know that I might be paranoid, but I don’t want to put myself in a situation without a solution.
Now going back to the internal services, I was intending to fire up a personal file hosting service, since sometimes for work purposes I need to share some binaries, and as much as using Google Drive does work, I wanted to give people the ability to load files as well (like a 64GB SD card image, so I can test what colleagues cooked on their own), and some of my customers have strong opinions about using gdrive. The reason I ask is that in the free plan I’ve seen that they have a POST limit of 100MB … so I’m not sure how that would translate to this specific situation.