Oct 1, 2016

Naked Domain With CloudFlare and Force HTTPS



Who doesn't want domain.com instead of www.domain.com? And why not force SSL for everyone too? Because of the misinformation found around the internet, here is a definitive solution to both problems.

Introduction

A naked domain is a domain without a subdomain, that is, without the leading part of names like subdomain.domain.com or whatever.domain.com. Because of this short name, it's currently the preferred way to show and spread domain names. Another desirable thing is to always force SSL / HTTPS; in other words, if someone accesses your domain with http://domain.com or http://www.domain.com or https://subdomain.domain.com, they should all be redirected to https://domain.com.

But naked domains seem to have a limitation due to the RFC (from when the rules about DNS names were created, ~1987), so you would normally have to use a subdomain.domain.com; CloudFlare, however, uses a technique called CNAME flattening (details here), which allows the use of naked domains anyway.

Configuration

Start by configuring your domain's CNAME:

Here 189.55.55.55 is your domain.com server IP or DNS address. Note that at this point www.domain.com and domain.com are both valid and will resolve requests to the 189.55.55.55 IP; connections can be made over HTTP or HTTPS, depending on how the user requested/typed the address in the browser. Now go to "Page Rules" and add an "Always Use HTTPS" rule:


Here "http://<anything>domain.com/<anything>" will be converted to "https://<anything>domain.com/<anything>" before reaching your server. Save it and create another rule, a "Forwarding URL":


At this point every request will have the https://<anything>.domain.com/<anything> format, so what this rule does is ignore the first <anything> (which is the subdomain) and convert the request to https://domain.com/<anything>. The $2 takes the data matched by the second wildcard in the first field.

Note that if someone enters https://test.domain.com it won't work, because your DNS server doesn't have the test subdomain mapped. Although CloudFlare supports wildcards for subdomains, that is not free, so you must manually add any subdomains you want, as you did with www. Let's see if you got it. Here are some examples where the desired request at your server is "https://domain.com/": on the left, what the user typed in the browser; on the right, what CF delivers to your server after conversion by the page rules:

http://domain.com -> https://domain.com
http://domain.com/ -> https://domain.com/
http://domain.com/index.html -> https://domain.com/index.html
http://www.domain.com -> https://domain.com
https://www.domain.com -> https://domain.com
https://test.domain.com -> nothing, server not found, the test subdomain CNAME does not exist
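
The two page rules above, modelled in Python as an added example (not part of the original post, and not CloudFlare's code). The patterns are assumptions reconstructed from the text, since the post's screenshots are not available, as are the first-match-wins rule order and the DNS_RECORDS set; it reproduces the list above and shows why the forwarding pattern needs the dot before domain.com.

```python
import re
from urllib.parse import urlsplit

# Assumed rule patterns (reconstructed from the post's text); first match wins.
RULES = [
    ("http://*domain.com/*", "https://$1domain.com/$2"),   # models "Always Use HTTPS"
    ("https://*.domain.com/*", "https://domain.com/$2"),   # models "Forwarding URL"
]
DNS_RECORDS = {"domain.com", "www.domain.com"}  # assumed names present in the zone


def wildcard_to_regex(pattern):
    """Turn a '*' wildcard pattern into an anchored regex with one group per '*'."""
    return re.compile("^" + "(.*)".join(re.escape(p) for p in pattern.split("*")) + "$")


def apply_rules(url, rules=RULES):
    """Return the redirect target of the first matching rule, or None."""
    for pattern, target in rules:
        m = wildcard_to_regex(pattern).match(url)
        if m:
            # $1, $2, ... are replaced by the text each wildcard matched
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), target)
    return None


def resolve(url, rules=RULES, max_hops=5):
    """Follow redirects like a browser; returns (final_url or None, list of hops)."""
    hops = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        if parts.hostname not in DNS_RECORDS:
            return None, hops                # no DNS record: "server not found"
        if parts.path == "":
            url = parts._replace(path="/").geturl()  # browsers send "/" for an empty path
        nxt = apply_rules(url, rules)
        if nxt is None:
            return url, hops                 # no rule matched: request reaches the origin
        hops.append(nxt)
        url = nxt
    raise RuntimeError("redirect loop: " + " -> ".join(hops))
```

Dropping the dot from the forwarding pattern ("https://*domain.com/*") makes https://domain.com/ match its own destination, and resolve() raises on the resulting redirect loop.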

That's all!
