Questions regarding SSL/TLS
I am just setting up my domain on cloudflare and needed to clear off certain doubts. For info, I use traefik for reverse proxy and certbot for generating the ssl certificate.
1) In
SSL/TLS -> Overview -> SSL/TLS encryption mode, which one should i select between Flexible, Full & Full (strict) ?
2) I have already setup traefik to do HTTP->HTTPS redirection & set HTTPS as default. So in SSL/TLS -> Edge Certificates, should i enable Automatic HTTPS Rewrites & Always Use HTTPS or keep both of them off ?
Here's the are the relevant SSL/TLS options i am using in traefik v3 to better guide me with the suitable cloudflare settings.
2 Replies
which one should i select between Flexible, Full & Full (strict) ?You should use "Full (strict)". This fully encrypts the connection to your origin server using the certbot generated certificates from Traefik.
should i enable Automatic HTTPS Rewrites & Always Use HTTPS or keep both of them off ?That's entirely up to you. Enabling "Always use HTTPS" will reduce load on your origin since Cloudflare will perform the redirect instead of your server, and enabling "Automatic HTTPS rewrites" is only useful if your website has HTTP asset links on it for whatever reason.
Thanks for the clarification