Disable SSL in cloudflare and using in server side (Ubuntu and Nginx)

2018-06-11 07:28:20

I currently use Cloudflare as a CDN and DNS manager and until recently I used the shared and universal SSL that it has for free but, due to needs, I hired an EV SSL. Through the cloudflare panel I can not, for free, insert a custom certificate (only starting at $ 200). I use nginx on my server running with Ubuntu and I have all the settings ready to use my EV SSL that has already been inserted into the server but, by disabling SSL in the cloudflare and keeping the settings in Nginx, I get the ERR_TOO_MANY_REDIRECTS error return. PS: I have currently configured a page rule in Cloudflare to always use HTTPS in requests for this domain.

Below is my nginx configuration and I would like to know if it would be possible to confirm server side SSL, without inserting the certificate in Cloudflare, continuing with the free plan that it has available to me and using my EV SSL.

server{
   listen 443;
   root /var/www/redeestrela.com.br;
   server_name www.redeestrela.com.br;

   ssl    on;
   ssl_session_timeout  5m;
   ssl_protocols  SSLv2 SSLv3 TLSv1;
   ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
   ssl_prefer_server_ciphers   on;

   ssl_certificate        /etc/nginx/ssl/redeestrela.crt;
   ssl_certificate_key    /etc/nginx/ssl/redeestrela.key;

   error_log /var/log/nginx/redeestrela.error.log;

   include global/php.conf;
   include global/wordpress.conf;
   include global/restrictions.conf;
}

server{
   listen 443;
   server_name redeestrela.com.br;
   return 301 https://www.redeestrela.com.br$request_uri;
}

In order to serve an EV SSL certificate from Cloudflare, you would need to upload that certificate as a custom SSL certificate. This is a Business and Enterprise only Cloudflare feature, however is fairly straight-forward to do.

How do I upload a custom SSL certificate? (Business or Enterprise only)

In the future, we're hoping to have EV SSL certs as an add-on at any plan-level. Meaning we acquire, manage and renew the certificate for you. Feel free to email supportATcloudflareDOTcom if you'd be interested in trying the beta when available.

链接地址: http://www.djcxy.com/p/32474.html

上一篇: 使用让我们使用CloudFlare和nginx加密时，SSL握手失败

下一篇: 在cloudflare中禁用SSL并在服务器端使用（Ubuntu和Nginx）