Custom SSL

Prerequisites

First ensure your pod has a custom DNS assigned to it. This guide shows you how:

Choose your SSL Mode

Flexible SSL encrypts the data from Cloudflare to the End User, but does not enforce encryption between your Pod and Cloudflare. This is fine for most cases where information is meant to be public (most informational websites and DApps without user specific info being served)

Strict SSL encrypts the data both from CloudFlare to the End User as well as the data between your Pod and Cloudflare. This is best when you are serving sensitive data such as personal user info (common with Web2 based sites with personal information kept behind a login)

Flexible provides the fastest setup and Strict provides a more complete encryption solution with a few more technical steps.

Both options are completely valid which is why they are both supported. Pick the one that matches your requirements best.

Cloudflare Flexible SSL

In CloudFlare, navigate to SSL/TLS > Overview

Select Flexible

Cloudflare Strict SSL

The following will REQUIRE you to use Cloudflare to create an SSL Certificate.

Generate Origin Certificate

Go to your domain in Cloudflare and manage your "Origin Server" certificate

Create a Certificate

Configure your certificate type, domains and lifetime

Copy the Certificate and Key and paste into StackOS Pod Configuration

Your should see your certificate listed

Enable Cloudflare Strict Mode

Activate this style of Origin certificate in two ways:

1) By default for all subdomains of your domain

2) ONLY for a single domain.

For all subdomains

For a single domain

Go to Rules > Page Rules

Create Page Rule

Configure Page Rule

Resulting Page Rule