New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
only DNS with free cdn
Suppose I have a website that uses free ssl certificate from let's encrypt. I know that let's encrypt is not compatible with free cdn like cloudflare/incapsula (end to end encryption). Is it possible to use only the dns service of those cdn providers along with let's encrypt ? If possible how or which settings do I need to change ? thanks.
Comments
Yes, Cloudflare allows you to turn off their CDN and only make use of their managed DNS service. On your sites DNS records page, just make sure that all the clouds beside each entry are grey instead of orange. If they are orange, then that traffic is going to be routed through Cloudflare's CDN, which you don't want.
if I correctly understand, you need to install LE certificate into domain that uses CF DNS ?
It's not big deal ... take a look at this domain ...
http://intodns.com/fossgeek.org
Yes, it's possible to just use the Cloudflare's DNS without using their "CDN" (or MiTM) services (CF is not a real CDN solution, or at least it's not a CDN in many scenarios).
Anyway, it's possible to encrypt your content to CF and let CF re-encrypt it with their cert for your visitors; this approach sometimes is liked, sometimes is not (and it raised some perplexities).
As @fxf pointed out, in CF just let your site(s) bypass the "orange cloud" in the DNS panel. Just click on the orange cloud and let it become grey. This way you'll turn off their http proxy for the given resource.
How good is their DNS service? Better than HE's? Thanks
@datanoise according to @jimaek 's https://www.dnsperf.com/ , it is
(dnsperf.com is using CF as well)
At your scale of use, there is nothing to compare.
Its simply a DNS you always know. Pick type, Enter domain, enter IP, auto TTL and thats it.
But for management, I find Cloudflare interface is lot easier and friendlier to manage. Especially when you are managing multiple domains.
like changing the NS on your domain?
Nice, impressive stats!
Thanks @fxf, @mfs for helping me out. I made all the clouds grey and everything is working perfectly. Is the same thing possible with incapsula ? However it seems cloudflare has superior dns service, probably one of the best in the world.
Yes it is with Cloudflare (not gray but orange). I tried a Wordpress Site (Lets Encrypt) and all was working ok (Full SSL (strict)). Only some problems about wp-login.php but honestly i didnt have so much time for tests. But i bet with much more time and tweaks on Cloudflare Page Rules was possible even with wp-login.php. Speaking about site i didnt see problems browsing and testing (curl - I), OpenLitespeed Cache was working perfectly my side (cache hit).
But if you dont have so much time and you need only to have your certificate (LetsEncrypt) and to manage your dns from CloudFlare just remove the Orange.
OVH has a free cdn/ssl gateway that creates LetsEncrypt certificates for you automatically.