Flexible SSL: There is an encrypted connection between your website visitors and Cloudflare, but not from Cloudflare to your server.
You do not need an SSL certificate on your server
Visitors will see the SSL lock icon in their browser
Full SSL: Encrypts the connection between your website visitors and Cloudflare, and from Cloudflare to your server. The difference between Full and Full (Strict) is that Full (Strict) checks for a valid certificate on your origin server, whereas Full checks for any certificate.
You will need to have an SSL certificate on your server. However, Cloudflare will not attempt to validate the certificate (certificates may be self-signed)
Visitors will see the SSL lock icon in their browser
Full SSL (strict): Encrypts the connection between your website visitors and Cloudflare, and from Cloudflare to your server.
You will need to have a valid SSL certificate installed on your server signed by a publicly trusted certificate authority which has not expired and contains the domain name for the request (hostname).
Visitors will see the SSL lock icon in their browser
因為 flexible 是由 cloudflare 設置 client 與 cloudflare 間的 https 連線,而 cloudflare 與 api server 或 web server 之間仍是走 http,所以可以不用在 server 安裝證書,且 nginx 監聽 80 port 即可。
包含後端與前端
cloudflare 設置
Nginx 範例 config
# Default server block for domain.comserver { listen 80; server_name domain.com www.domain.com; # Your site configuration goes here location / { # Your site settings go here }}# Server block for api.domain.comserver { listen 80; server_name api.domain.com; # Proxy settings to route requests to port 8111 location / { proxy_pass http://localhost:8111/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }}
