You might have noticed that I’m quite new to CF and trying to figure out best practice for security and performance and configure CF in the right way for my project.
So here is some basic info about my setup
Origin: Azure https://example-api.azurewebsites.net
Azure Storage Account: https://example.z10.web.core.windows.net
So this is going to be a setup for a Serverless Single Page Application. I am using Azure Storage account to serve my static files and Azure Functions (origin address above) as my API.
Azure provides SSL for both Storage and Function app endpoints.
Now, I have added my domain as custom domains to Azure Storage account, however Storage account doesn’t support SSL for custom domains, the only way to get it, is to configure Azure CDN, point to the storage endpoint and configure your custom domain and SSL there. But there is no point of doing that when I am on CF which provides me with all the good stuff as CDN, beside I don’t want to pay for Azure CDN.
So I end up with a non secure www.example.com which is pointed to https://example.z10.web.core.windows.net using CNAME.
Now my question is, if I pass www.example.com through CF and make it go through secure tunnel, would that make all the route secure, including CF to Origin?
Please note that I have no way of adding CF Origin Cert to my storage account, but it is using SSL on it’s own azure endpoint which is used to create a CNAME in my DNS settings on CF.
Also I have set my Crypto mode to Full Strict, it seems to be working, does this mean all the routes are secure now?
I think I’m a bit confused here because Azure provides SSL on their endpoints by default, so all the endpoints that I am pointing my CNAME records to are on https, does that mean I don’t need CF Origin Cert anymore?
Thanks for your help