Cloudflare

From WebarchDocs

Notes on using Cloudflare with Webarchitects shared hosting.

SSL/TLS

With the free Cloudflare account and a Let's Encrypt HTTPS certificate on our servers, use these settings:

  • SSL: Full (strict)

Edge Certificates

  • Always Use HTTPS: Off
    This is important: leave the Webarchitects servers to do the HTTP to HTTPS redirect so that the Let's Encrypt certificate provisioning process can access the /.well-known/acme-challenge/ path via HTTP without a redirect (Webarchitects redirects everything else).
  • HTTP Strict Transport Security (HSTS): Optionally turn this on, once everything is working and
    • Apply HSTS policy to subdomains (includeSubDomains): Off
    • Preload: Off
    • No-Sniff Header: On
  • Opportunistic Encryption: Off
  • TLS 1.3: On
  • Automatic HTTPS Rewrites: Off
    This is important: leave the Webarchitects servers to do the HTTP to HTTPS redirect so that the Let's Encrypt certificate provisioning process can access the /.well-known/acme-challenge/ path via HTTP without a redirect (Webarchitects redirects everything else).
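
One way to check the result of these settings from outside, as an added example that is not part of the original notes or Webarchitects' own tooling: the script requests the challenge path and / over plain HTTP without following redirects, and reports a problem if the challenge path is redirected or if / is not redirected to HTTPS. The token name, the User-Agent string and the script name are assumptions made for the example.

```python
import http.client
import sys

ACME_PATH = "/.well-known/acme-challenge/redirect-check"  # constructed token; a 404 is fine
REDIRECTS = {301, 302, 303, 307, 308}


def probe(host, path, port=80, timeout=10):
    """One plain-HTTP GET, redirects not followed. Returns (status, Location)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "acme-redirect-check"})
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location") or ""
    finally:
        conn.close()


def check_host(host, port=80, fetch=probe):
    """Return a list of problems; an empty list means HTTP behaves as the notes require."""
    problems = []

    # The challenge path must be answered over HTTP itself, by Cloudflare and the origin.
    status, location = fetch(host, ACME_PATH, port)
    if status in REDIRECTS:
        problems.append(f"ACME path redirected ({status} -> {location})")

    # Everything else should still be redirected to HTTPS by the origin.
    status, location = fetch(host, "/", port)
    if not (status in REDIRECTS and location.lower().startswith("https://")):
        problems.append(f"/ not redirected to HTTPS (status {status})")

    return problems


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_acme_redirect.py <hostname>")
    issues = check_host(sys.argv[1])
    print("\n".join(issues) if issues else "OK")
    sys.exit(1 if issues else 0)
```

Run it against the proxied hostname after changing the Cloudflare settings; exit status 0 means both checks passed.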

Origin Certificates

  • Authenticated Origin Pulls: Off

Network

  • Pseudo IPv4: Add header

Scrape Shield

  • Email Address Obfuscation: Off
  • Server-side Excludes: Off