Your design is clear but I’m not sure what your concern is.
If I understand correctly, your app is gonna make requests to another address of yours which is not proxied via CF. Then you need to take care of that yourself or proxy it via CF.
Yes you need one (for any request made by browser you need a secure connection). That’s an AWS question. After setting that SSL your next problem is cross origin requests.
You mean for https://myelb.elb.amazonaws.com/api/v1/login ?
Then still the javascript is loaded into the page from myapp.domain.com and tries to send request to https://myelb.elb.amazonaws.com/api/v1/login and that is cross origin and browsers will block such a request. Google for How to add CORS header and do that is myapp.domain.com so you tell the browser that the other address is trusted (don’t use *).
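The advice above (allow the one frontend origin, never `*`) as an added example that is not part of the original thread: a sketch of the decision the API behind the ELB would make for each request. `corsHeaders`, the allow-lists and the request shape are hypothetical; the origin is the frontend host named in the thread.

```javascript
// Added example (not from the thread). Names and request shape are assumptions.
const ALLOWED_ORIGINS = new Set(["https://myapp.domain.com"]);
const ALLOWED_METHODS = ["GET", "POST", "OPTIONS"];
const ALLOWED_HEADERS = ["content-type", "authorization"];

// req: { method, headers } with lower-cased header names.
// Returns { status, headers }; status null means "continue to the normal handler".
function corsHeaders(req) {
  // Responses differ per Origin, so caches in front of the API must key on it.
  const headers = { Vary: "Origin" };
  const origin = req.headers["origin"];

  // No Origin, or an origin that is not an exact match: send no
  // Access-Control-* headers, so the browser refuses to expose the response.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { status: null, headers };
  }

  // Echo the single matched origin instead of "*".
  headers["Access-Control-Allow-Origin"] = origin;

  const wantMethod = req.headers["access-control-request-method"];
  const isPreflight = req.method === "OPTIONS" && wantMethod !== undefined;
  if (!isPreflight) return { status: null, headers };

  // Preflight: check the method and headers the browser says it will send.
  const wantHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = ALLOWED_METHODS.includes(wantMethod) &&
    wantHeaders.every((h) => ALLOWED_HEADERS.includes(h));
  if (!ok) {
    delete headers["Access-Control-Allow-Origin"];
    return { status: 403, headers };
  }

  headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  headers["Access-Control-Max-Age"] = "600";
  return { status: 204, headers };
}
```

Exact string matching is deliberate: suffix or substring checks would also accept lookalike hosts such as `https://myapp.domain.com.evil.example`.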
To work around CORS I modified my javascript code to use https://api.domain.com/api/v1/login and thought of mapping api in Cloudflare to my AWS instances.
I was hence thinking of creating
(a) Cloudflare ([dns]) ---------> nginx -------> AWS ELB
I read about using NGINX as reverse proxy to avoid CORS but realised that Cloudflare itself works as proxy
But then decided to use the following configuration
(b) Cloudflare([dns+proxy] orange cloud) <---------------> AWS ELB
added CNAME entry where I map api <.----------->AWS ELB.
Using (b) above, I created an origin certificate under the SSL/TLS app of Cloudflare and I read that we can use that certificate at the entry point of AWS, which is my ELB
So I expected
a) Browser invokes subdomain.domain.com (Points to s3 where frontend resides)
When I had a similar error recently - I found that the structure within this file was not correct. Even though I had copied and pasted it correctly - for some reason it was borked. Until I directly uploaded the file to the server and cleared the Cloudflare cache after.
/etc/apache2/sites-available/example.com.conf
My recent experience is this issue is a configuration problem.