Hướng dẫn giải pháp Solution guide Application Services Application Services
Enforce HTTPS and encrypt all traffic (Free, Pro, and Business)
/use-cases/solutions/encrypt-all-keep-site-secure
Mở tutorial / guide ↗ Open tutorial / guide ↗Phần 2: SSL/TLS và kết nối origin Part 2: SSL/TLS and origin connection · Bài 1/2 Lesson 1/2
Chọn SSL/TLS mode phù hợp Choose the right SSL/TLS mode
Full (strict) khi origin có cert hợp lệ. Tránh Flexible nếu origin chỉ nhận HTTPS. Kiểm tra redirect HTTP→HTTPS. Use Full (strict) when origin has a valid cert. Avoid Flexible if origin expects HTTPS. Verify HTTP→HTTPS redirects.
Các bước thực hiện Step-by-step
- SSL/TLS → Overview: chọn Full (strict) nếu origin có cert hợp lệ. SSL/TLS → Overview: choose Full (strict) when origin has a valid cert.
- Tránh Flexible khi origin chỉ chấp nhận HTTPS (gây redirect loop). Avoid Flexible when origin expects HTTPS only (can cause redirect loops).
- Bật Always Use HTTPS + Automatic HTTPS Rewrites. Enable Always Use HTTPS + Automatic HTTPS Rewrites.
- Test http:// và https:// — không lỗi cert trên browser. Test http:// and https:// — no certificate errors in the browser.
Giải thích chi tiết Detailed explanation
SSL mode quyết định mã hóa giữa user↔Cloudflare và Cloudflare↔origin. Đây là nguồn lỗi phổ biến nhất sau khi bật proxy. SSL mode controls encryption user↔Cloudflare and Cloudflare↔origin. This is the most common issue after enabling proxy.
Mẹo: Tip: Test bằng curl hoặc browser incognito sau mỗi thay đổi mode. Test with curl or an incognito browser after each mode change.
Lưu ý (best practices) Note (best practices)
Để mã hóa end-to-end, dùng Full (strict): cả kết nối visitor→Cloudflare và Cloudflare→origin đều HTTPS, origin cert được xác thực. Bật Always Use HTTPS để chuyển mọi HTTP sang HTTPS. For end-to-end encryption, use Full (strict): both visitor→Cloudflare and Cloudflare→origin use HTTPS with origin certificate validation. Enable Always Use HTTPS to redirect all HTTP to HTTPS.
Nguồn: Source: Enforce HTTPS and encrypt all traffic Enforce HTTPS and encrypt all traffic ↗
Ví dụ triển khai (Cloudflare Resources) Deployment examples (Cloudflare Resources)
Tutorial, solution guide và reference từ developers.cloudflare.com/resources ↗ — gợi ý theo chủ đề bài học. Tutorials, solution guides, and reference docs from developers.cloudflare.com/resources ↗ — matched to this lesson topic.
Tutorial Tutorial Application Services Application Services
Configure HTTPS settings
/terraform/tutorial/configure-https-settings
Mở tutorial / guide ↗ Open tutorial / guide ↗ Tutorial Tutorial Application Services Application Services
Add exceptions with Page Rules
/terraform/tutorial/add-page-rules
Mở tutorial / guide ↗ Open tutorial / guide ↗ Tutorial Tutorial Application Services Application Services
AWS cloud HSM
/ssl/keyless-ssl/hardware-security-modules/aws-cloud-hsm
Mở tutorial / guide ↗ Open tutorial / guide ↗