CloudFlare HTTPS Page Rule
Blog post created on 2015-05-12
CloudFlare provides a free and fast way to deliver your website over HTTPS. It only takes a few clicks and avoids the need to configure and install your certificate on your web server. The catch of course is that the certificate the user sees is issued to CloudFlare and uses Server Name Indication (SNI) to validate on your domain as well as probably a number of other domains served by CloudFlare. For most users, this is not a problem.
To enable SSL you simply need to navigate to the crypto section in the CloudFlare interface and enable Flexible SSL. This simply means that users will be able to connect to the CloudFlare end point over SSL even if the connection to your origin server does not support HTTPS.
Once this is enabled you can type your domain name with https
in front in your browser and watch the magic unfold.
How do you force all connections to use https? Thankfully this is also an easy task with page rules. We need to match all possible URLs and enforce HTTPS. To accomplish this the rule is simple: *domain.tld/*
; and turn on the always use https option. And that is it! The two stars are simply wild cards that match any string on either side of your domain. In this case we are trying to match any potential sub domain (the star to the left) and any potential path (the star to the right).
All the features above are available in the free plan.