Loadbalancing, nginx & certs question

Hello everyone, I'm in the process of creating a synchronised replica of my dedicated server. At the moment, the second server is ready. The dedicateds are hosting DB + Backends. With regard to load balancing, for my DNS "api.foo.bar", should I just have an nginx config without certifications on both servers and let the SSL be handled by Cloudflare? I haven't tried yet, but I'm pretty sure I will encounter issues generating SSL certificates on both servers (different IP) for the same DNS using certbot. How do you go about this? Thank you!
3 Replies
Chaika 4mo ago
For a secure setup, you need encryption/SSL on both ends. CF's SSL handles Client -> Edge; you need to configure encryption in nginx for Edge -> origin to be secure.
Chaika 4mo ago
You can use Cloudflare Origin Certificates (under SSL/TLS -> Origin Server): https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/ They last for up to 15 years and are trusted by CF Proxy (assuming you will use the proxy).
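The origin-certificate setup described in the replies above, as an added example that is not part of the original thread: one Origin CA certificate and key copied to both servers, so no per-server certbot issuance is needed. The file paths and the backend port are assumptions; `api.foo.bar` is the hostname from the question.

```nginx
# Added example: deploy this same file on both origin servers.
# Paths and the upstream port are assumptions, not values from the thread.
server {
    listen 443 ssl;
    server_name api.foo.bar;

    # Cloudflare Origin CA certificate and private key, generated once under
    # SSL/TLS -> Origin Server and copied to both servers. This certificate
    # is trusted by the Cloudflare proxy, not by browsers, so the DNS record
    # must stay proxied.
    ssl_certificate     /etc/nginx/ssl/api.foo.bar.origin.pem;
    ssl_certificate_key /etc/nginx/ssl/api.foo.bar.origin.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Assumed local backend listening on loopback only.
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}

# Nothing is served in plaintext: requests on port 80 are redirected to HTTPS.
server {
    listen 80;
    server_name api.foo.bar;
    return 301 https://$host$request_uri;
}
```

Keep the key file readable only by root (mode 600) on each server. With the zone's SSL/TLS encryption mode set to Full (strict), Cloudflare validates this certificate on the Edge -> origin connection.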
william. 4mo ago
Perfect, thank you very much!