CloudFlare SSL for the control panel?

  • Hi,


    At the moment I bypass the panel through Cloudflare (DNS only) for the panel. I want to ask whether it is possible to use Cloudflare Shared SSL (Flexible) for the panel; will it work? Must the SSL option be enabled for that (I think nothing must be done in i-MSCP here)?


    And if SSL for the panel must be enabled, how can I reconfigure that option?


    Thanks in advance.

  • Hello,


    First thing to check: Be sure to use default ports for the panel: 8880 (http) and 8443 (https). CloudFlare doesn't support other ports.


    To use CloudFlare flexible SSL there is nothing to do on i-MSCP side. As the CloudFlare doc says:


    Flexible SSL: There is an encrypted connection between your website visitors and Cloudflare, but not from Cloudflare to your server.

    • You do not need an SSL certificate on your server
    • Visitors will see the SSL lock icon in their browser

    That means that SSL for the control panel can be off (unconfigured).


    Now, I would recommend at least the Full SSL:


    Encrypts the connection between your website visitors and Cloudflare, and from Cloudflare to your server. The difference between Full and Full (Strict) is that Full (Strict) checks for a valid certificate on your origin server, whereas Full checks for any certificate.

    • You will need to have an SSL certificate on your server. However, Cloudflare will not attempt to validate the certificate (certificates may be self-signed)
    • Visitors will see the SSL lock icon in their browser

    So here, you need to enable SSL on the control panel but a self-signed SSL certificate is sufficient. You can enable SSL by running: perl /var/www/imscp/engine/setup/imscp-reconfigure -dar panel_ssl

  • Hi @Nuxwin


    Thanks for your answer. I will give it a try later by activating the (orange) cloud in my Cloudflare DNS settings and see if I can reach it over https :)


    I will give a little feedback later; I will also keep in mind your opinion on SSL Strict.


    EDIT: And yes, my panel ports are standard. Also, I need to open it with domain.tld:8443, right?


    Thanks a lot.

  • @Goodpeace


    Not Full SSL (strict), simply Full SSL. With Full SSL strict, you need a valid certificate on panel side while with Full SSL only, you need only a self-signed cert ;)

  • @Nuxwin I have now tried with a domain which is routed on the server (and the cloud is activated, not the main panel URL) and I receive this error:


    https://domain.tld:8443/webmail. With port 8080 it also does not work.


  • Good Morning,


    Does nobody have an idea why this happened? :(

  • The standard i-MSCP SSL port is 4443. Maybe that's the problem.


    1.) Disable Cloudflare (go to Domain - DNS - click the orange cloud - it will become grey, and then try the port 4443)
    2.) If it works, then you have the wrong port ;-) Sorry.
    3.) Change the i-MSCP standard port to 8443
    4.) Enable Cloudflare (the orange cloud)
    5.) Try the port 8443 again


    On problems, write me a PM.


    I have the "PanelRedirect" Plugin running and it works with Cloudflare just out-of-the-box

  • I have not activated SSL for the panel, so this cannot be tested :)
    As @Nuxwin described, with Flexible this is not needed.