Forum Security Error
WAI4WD:
Cloudflare is the largest DNS provider, which just happens to come with CDN and lots of other free features. Paid plans have more, but you don't need them for basic website management.
You create a cloudflare account.
You change your domain DNS to point at cloudflare instead of at your server.
You point cloudflare DNS to your server. Most domain registrars don't provide full DNS control nowadays, cloudflare does, FREE.
When the domain is picked up in cloudflare (takes about a minute or two), you can then create an Origin SSL, which is typically 15 years. That is the SSL that secures between your server and cloudflare. Cloudflare automatically manage your front facing SSL, which will be a wildcard certificate securing many client sites of theirs, but exactly the same as what you use now.
That's it.
Other than the many other options you can play with to improve the speed and performance of your sites loading via cloudflare.
You don't need to generate a CSR or anything on your server, you can do it all on cloudflare and just copy paste it over your existing file locations, depending on what you're using (NGINX or Apache).
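An added example, not part of WAI4WD's post: after pasting a certificate and key over the existing files, this checks that the two belong together and that the certificate has not expired before NGINX or Apache is reloaded. It assumes the `openssl` command-line tool is installed; the file names and the `origin.example.test` name in the demo are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: confirm a pasted certificate and private key belong together
# before reloading NGINX or Apache. File paths are supplied by the caller.

# Public key (PEM) embedded in a certificate; non-zero exit if unreadable.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from a private key; non-zero exit if unreadable.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Returns 0 only when both files parse and carry the same public key.
pair_matches() {
    local c k
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Full check: matching pair, not expired, then print issuer and expiry date.
check_pair() {
    pair_matches "$1" "$2" || { echo "key does not match certificate (or unreadable)" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || { echo "certificate has expired" >&2; return 1; }
    openssl x509 -in "$1" -noout -issuer -enddate
}

# Demo on constructed input: a throwaway self-signed pair stands in for the
# real certificate and key, plus an unrelated key to show the failure case.
demo() {
    local d; d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=origin.example.test" \
        -keyout "$d/site.key" -out "$d/site.pem" 2>/dev/null || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/other.key" 2>/dev/null || return 1
    check_pair "$d/site.pem" "$d/site.key" && echo "pair OK"
    check_pair "$d/site.pem" "$d/other.key" || echo "mismatch detected"
    rm -rf "$d"
}

# Usage: ./check_pair.sh <cert.pem> <key.pem>   or   ./check_pair.sh --demo
if [ "${1:-}" = "--demo" ]; then
    demo
elif [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

A mismatched pair is the usual result of pasting a new certificate over the old one while leaving the old key in place, and the web server will refuse to start with it.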
DannyG:
--- Quote from: WAI4WD on Jul 22, 2022, 06:45:10 PM ---Cloudflare is the largest DNS provider, which just happens to come with CDN and lots of other free features. Paid plans have more, but you don't need them for basic website management.
You create a cloudflare account.
You change your domain DNS to point at cloudflare instead of at your server.
You point cloudflare DNS to your server. Most domain registrars don't provide full DNS control nowadays, cloudflare does, FREE.
When the domain is picked up in cloudflare (takes about a minute or two), you can then create an Origin SSL, which is typically 15 years. That is the SSL that secures between your server and cloudflare. Cloudflare automatically manage your front facing SSL, which will be a wildcard certificate securing many client sites of theirs, but exactly the same as what you use now.
That's it.
Other than the many other options you can play with to improve the speed and performance of your sites loading via cloudflare.
You don't need to generate a CSR or anything on your server, you can do it all on cloudflare and just copy paste it over your existing file locations, depending on what you're using (NGINX or Apache).
--- End quote ---
Thanks for the info, way too complicated for me. I have no idea about DNSs or how to point them, sorry. I've paid for the SSL thingy for 2 or 3 years in advance now so I think I have to just leave it for now.
yvesjv:
Totally agree with Cloudflare except for the use of the wildcard certificate.
If you just happen to share that wildcard cert and with 'bad neighbours' sharing the same IP from the provider, you will be blocked... period
We use umbrella dns and see totally legit sites blocked because of 'bad neighbours'.
Long explanation:
https://umbrella.cisco.com/blog/websites-and-bad-neighbors
WAI4WD:
--- Quote from: yvesjv on Jul 23, 2022, 10:19:10 AM ---Totally agree with Cloudflare except for the use of the wildcard certificate.
If you just happen to share that wildcard cert and with 'bad neighbours' sharing the same IP from the provider, you will be blocked... period
--- End quote ---
Not how it works with Cloudflare. SSL is being assigned to Cloudflare IPs, none of which are EVER considered bad as Cloudflare IPs are considered tier connections. The cert issued by Cloudflare for your server is between you and Cloudflare only, NOT the visitor. Any bad neighbour server IP has ZERO impact on SSL or IP blocks. You can't impact another user with Cloudflare. Bad neighbours (server IPs) are typically associated to email spam, nothing else.
Never read about this being an issue using Cloudflare due to how their system works. Their DNS is the fastest in the world to date for good reason.
Oh, and to use the Cloudflare free SSL system, you have to use Cloudflare DNS, you can't bypass it within the DNS settings, pointing back to forward facing SSL using Cloudflare only IPs not origin IPs.
yvesjv:
Looked it up, they use nginx.
Guess it's all go for Danny to migrate to Cloudflare then.