Questions regarding SSL/TLS

I am just setting up my domain on cloudflare and needed to clear off certain doubts. For info, I use traefik for reverse proxy and certbot for generating the ssl certificate.
1) In

SSL/TLS -> Overview -> SSL/TLS encryption mode

SSL/TLS -> Overview -> SSL/TLS encryption mode

SSL/TLS -> Overview -> SSL/TLS encryption mode

SSL/TLS -> Overview -> SSL/TLS encryption mode, which one should i select between

Flexible

Flexible

Flexible

Flexible,

Full

Full

Full

Full &

Full (strict)

Full (strict)

Full (strict)

Full (strict) ?
2) I have already setup traefik to do HTTP->HTTPS redirection & set HTTPS as default. So in

SSL/TLS -> Edge Certificates

SSL/TLS -> Edge Certificates

SSL/TLS -> Edge Certificates

SSL/TLS -> Edge Certificates, should i enable

Automatic HTTPS Rewrites

Automatic HTTPS Rewrites

Automatic HTTPS Rewrites

Automatic HTTPS Rewrites &

Always Use HTTPS

Always Use HTTPS

Always Use HTTPS

Always Use HTTPS or keep both of them off ?

Here's the are the relevant SSL/TLS options i am using in traefik v3 to better guide me with the suitable cloudflare settings.

    - --entrypoints.web.address=:80
    - --entrypoints.web.http.redirections.entrypoint.to=websecure
    - --entrypoints.web.http.redirections.entrypoint.scheme=https
    - --entrypoints.web.http.redirections.entrypoint.permanent=true
    - --entrypoints.websecure.address=:443
    - --entrypoints.websecure.asDefault=true
    - --entrypoints.websecure.http.tls=true

    - --entrypoints.web.address=:80
    - --entrypoints.web.http.redirections.entrypoint.to=websecure
    - --entrypoints.web.http.redirections.entrypoint.scheme=https
    - --entrypoints.web.http.redirections.entrypoint.permanent=true
    - --entrypoints.websecure.address=:443
    - --entrypoints.websecure.asDefault=true
    - --entrypoints.websecure.http.tls=true

    - --entrypoints.web.address=:80
    - --entrypoints.web.http.redirections.entrypoint.to=websecure
    - --entrypoints.web.http.redirections.entrypoint.scheme=https
    - --entrypoints.web.http.redirections.entrypoint.permanent=true
    - --entrypoints.websecure.address=:443
    - --entrypoints.websecure.asDefault=true
    - --entrypoints.websecure.http.tls=true

    - --entrypoints.web.address=:80
    - --entrypoints.web.http.redirections.entrypoint.to=websecure
    - --entrypoints.web.http.redirections.entrypoint.scheme=https
    - --entrypoints.web.http.redirections.entrypoint.permanent=true
    - --entrypoints.websecure.address=:443
    - --entrypoints.websecure.asDefault=true
    - --entrypoints.websecure.http.tls=true

Erisa•8/6/24, 9:55 AM

which one should i select between Flexible, Full & Full (strict) ?

You should use "Full (strict)". This fully encrypts the connection to your origin server using the certbot generated certificates from Traefik.

should i enable Automatic HTTPS Rewrites & Always Use HTTPS or keep both of them off ?

That's entirely up to you. Enabling "Always use HTTPS" will reduce load on your origin since Cloudflare will perform the redirect instead of your server, and enabling "Automatic HTTPS rewrites" is only useful if your website has HTTP asset links on it for whatever reason.

EErisa > which one should i select between Flexible, Full & Full (strict) ? You should...

xd003OP•8/6/24, 9:59 AM

Thanks for the clarification

Questions regarding SSL/TLS

Similar Threads

Similar Threads

Similar Threads