Cloudflare

I recently started using Cloudflare for DNS on one of my domains. The biggest reason for this was to be able to get a wild card SSL certificate. Certbot requires the ability to set a txt record on DNS in order to issue a wild card cert. My registrar/DNS provider doesn't offer that ability. So I started using Cloudflare I have heard mixed opinions on using Cloudflare, but someone I spoke with recently was using it in production and so I wanted to see what it was all about. The jury is still out on weather or not I will continue to use it but I am using it now. This shouldn't be a supprise but adding a service like this caused some difficulty to getting Caddy working for me.

The default setting for SSL on Cloudflare is the "Flexible" setting. This means that Cloudflare tries to talk to the server unencrypted but by default Caddy uses encryption, it's right in the tag line! This was causing a "redirect" loop. I had to adjust Cloudflare to use the "Full (strict)" setting. This allowed Caddy to get a valid cert and redirect automatically.

Guarantee On The Box

Encryption has become a standard over the years. Google started using it as part of how well they rank your site in their search results and I am sure the others have followed suit. While this is probably a net positive it has probably also led to some sneakiness like what Cloudflare offers. You can make it look like all traffic to the site is encrypted but not actually do the encryption between the proxy and the server, makes you feel all warm and fuzzy inside seeing that little lock icon in your address bar but is it really secure? It reminds me of a movie I watched recently Tommy Boy.

But why do they put the guarantee on the box then?

Because they know all they sold ya was a guaranteed piece of sh*t. That's all it is. Hey, if you want me to take a dump in a box and mark it guaranteed, I will. I got spare time. But for right now, for your sake, for your daughter's sake, ya might wanna think about buying a quality item from me.