Discussion in 'Server Configuration and Hosting' started by nodle, Sep 29, 2014.
So what do you guys think of Cloudflare's announcement today? I am excited for it!
I wonder if we will need any special instructions for setting it up using Xenforo? Or will it automatically be applied as a setting under the control panel. Any ideas @damoncloudflare ?
More down time? I always had a tons of downtime when I was using cloudflare while back. Things have changed? How good it is now?
It depends, it works pretty well for me. Glad to see SSL support coming for free users.
I suppose that Google's announcement that sites with SSL will have preferential treatment to non-SSL sites had something to do with this change.
But they are still on SHA1 : https://community.centminmod.com/threads/cloudflare-free-ssl-in-mid-october.1041/#post-7090
That SHA1 cert is the placeholder cert while you wait for the crawler to validate the domain and issue the real cert.
I haven't yet seen what a real provisioned universal ssl cert actually looks like yet.
Just tried and it didn't work instant, How long should I wait for it to be activated @damoncloudflare ?
The domain I tested is already using Cloudflare for months.
Giving this a go on https://www.orchidsforum.com
I got this
Yes. Its only been a few hours so far since I set up Cloudflare on it.
it appears to be working now.
please keep us informed! i gave cloudflare a go a couple of years ago, even went on the paid plan. but the anomalies were so common that seemingly every other day one user or another was having problems related to cloudflare. i am curious to see if it (and by extension this ssl service) are improved.
It was using Comodo now, not from Cloudflare.
Correct me of I'm wrong.
correct, although i dont know if cloudflare has some sort of deal with them or not. im not even completely sure what cloudflare is offering, i suppose.
We don't know what is that Universal SSL
How does it support millions of domain
Universal SSL: Be just a bit more patient
I heard a while ago that CloudFlare would be offering SSL 'for free' to pro customers due to Google's statement about SSL. I'm not sure whether or not this is correct, though.
Thanks for the heads up, OP!
So for us running Xenforo and using this are there changes that need to be made say to the config.php or the htaccess file that need to be changed for it to work, or will it work straight out the the box? I have seen users on there forcing SSL etc. Just wondering if we have to make changes on our side for this to work with it?
XenForo's configuration doesn't require any changes for https vs http. It is all about the webserver's configuration.
If you are using Full SSL or Full SSL (Strict), then nothing needs to be changed provided your webserver is setup to pass in if the connection is HTTPS or not. For Flexible SSL, you need to parse the header they push down in the webserver (ref) to then push HTTPS status into XenForo.
CloudFlare pushes the following header for each connection:
If you can issue a self-signed cert, and your site works properly with that; then you aren't going to have an issue with Full SSL. In the future CloudFlare have said they will be supporting SSL-cert pinning for Full SSL or Full SSL (Strict).
You'll need to add this to your config.php: https://support.cloudflare.com/hc/e...o-I-restore-original-visitor-IP-with-XenForo-
That will allow any visitor bypassing CloudFlare to set the sender IP and requires that CloudFlare is replacing that header and not adding it.
You must validate that the upstream IP matches a CloudFlare IP before you accept that header: https://support.cloudflare.com/hc/e...6-Does-CloudFlare-have-an-IP-module-for-Nginx-
Separate names with a comma.