Getting Let's Encrypt Wildcard Certificates
#33
@Melvin

Cloudflare offers certificates for HTTPS service when you use their CDN service (reverse proxy) for your site. In that case the certificate is installed on their servers instead of on your server in the most common mode. They have other modes where you can additionally install a certificate on your server to also encrypt communication between Cloudflare and your server. All of that might sound good and awesome because it is for free, right? Especially when Cloudflare offers free wildcard certificates for your whole domain.

I would, however, not recommend using Cloudflare together with their CDN and HTTPS service if you value real security and privacy. Cloudflare sits between your visitors and your servers. So they are a "man in the middle", and a man in the middle can decrypt traffic from both sides and modify it however they wish before encrypting it again and sending it back. This is a huge security risk and also a violation of privacy. This MITM (man in the middle) attack can be used to steal information or inject malicious code into websites (including possible viruses, malware and similar).

I only use Cloudflare for their DNS hosting because they provide free anycast DNS with a lot of locations worldwide, a proper API and support for a lot of DNS records including DNSSEC (mechanism to introduce more security in the DNS system). Now if you don't use Cloudflare's CDN service you get no DoS/DDoS protection at all because your server is no longer hidden behind the Cloudflare reverse proxy.

And you should take their DDoS protection with a grain of salt as a free user! They can turn it off whenever they want (e.g. when the attack becomes too big). As a free user the protection also only applies to websites. If you are a paid user, however, you can hide quite a bit more than just websites behind their protection and you get guaranteed protection. The paid plans, however, are quite expensive.

TL;DR: Cloudflare CDN and their HTTPS function shouldn't be used if real security and privacy are valued. The DDoS protection that comes with the free plan is not to be taken for granted and might be turned off at the slightest attack. Free users can only hide their websites behind the protection and nothing else.


This is getting off-topic. Nothing about Let's Encrypt or this tutorial. Please stay on-topic or staff will close this quickly. Thank you.


Messages In This Thread
RE: Getting Let's Encrypt Wildcard Certificates - by Mashiro - 05-01-2019, 03:15 PM
