Questions regarding SSL/TLS

I am just setting up my domain on cloudflare and needed to clear off certain doubts. For info, I use traefik for reverse proxy and certbot for generating the ssl certificate. 1) In SSL/TLS -> Overview -> SSL/TLS encryption mode, which one should i select between Flexible, Full & Full (strict) ? 2) I have already setup traefik to do HTTP->HTTPS redirection & set HTTPS as default. So in SSL/TLS -> Edge Certificates, should i enable Automatic HTTPS Rewrites & Always Use HTTPS or keep both of them off ? Here's the are the relevant SSL/TLS options i am using in traefik v3 to better guide me with the suitable cloudflare settings.
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.web.http.redirections.entrypoint.permanent=true
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.asDefault=true
- --entrypoints.websecure.http.tls=true
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.web.http.redirections.entrypoint.permanent=true
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.asDefault=true
- --entrypoints.websecure.http.tls=true
2 Replies
Erisa
Erisa5mo ago
which one should i select between Flexible, Full & Full (strict) ?
You should use "Full (strict)". This fully encrypts the connection to your origin server using the certbot generated certificates from Traefik.
should i enable Automatic HTTPS Rewrites & Always Use HTTPS or keep both of them off ?
That's entirely up to you. Enabling "Always use HTTPS" will reduce load on your origin since Cloudflare will perform the redirect instead of your server, and enabling "Automatic HTTPS rewrites" is only useful if your website has HTTP asset links on it for whatever reason.
xd003
xd003OP5mo ago
Thanks for the clarification
Want results from more Discord servers?
Add your server