Steph40 Posted October 3, 2017 Posted October 3, 2017 Hi I have my own ssl certificate installed on my nginx server with these nginx rules: ssl on; ssl_certificate /etc/letsencrypt/live/exemple.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/exemple.com/privkey.pem; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA; ssl_session_cache shared:SSL:50m; ssl_dhparam /etc/letsencrypt/live/exemple.com/dhparam.pem; ssl_prefer_server_ciphers on; I am now using cloudflare and it has its own ssl even with the free plan, so when I load my website it shows cloudflare certificate and not mine. Now my question is can I or should I remove any of those line in my nginx config? Seems to be overkill to have 2 certificate loading. @ASTRAPI tagging you cause you know cloudflare. But anyone is welcome to give their 2 cents. Thank you
ASTRAPI Posted October 4, 2017 Posted October 4, 2017 You must use Cloudflare certificate as the requests pass from there but that's not an issue..... Just enable the Full option at crypto and you are done There is no performance issue on that...
Steph40 Posted October 5, 2017 Author Posted October 5, 2017 So removing those line in Nginx won’t improve anything?
ASTRAPI Posted October 7, 2017 Posted October 7, 2017 I guess that you will need that lines for your ssl at your server level that is needed ! You should have an ssl on your server and then enable the FULL option at Cloudflare.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.