Finally Secure with HTTPS & Cloudflare


With a restart to my personal blog on the new (to me) Hexo platform, I figured it was time to start hosting the website properly as well. The previous blog was running from using a simple python command meant for debugging and screen to keep it running in the background. This time I’m writing posts, testing to make sure they will display properly, and then publishing them to static files which are served to the client via an Apache 2 server.

In addition to properly hosting my blog, I wanted to have it more secure than just HTTP. Luckily, Apache easily supports HTTPS and is pretty easy to setup, but using a personally signed certificate is a problem. A modern browser such as Firefox will present the user with a warning such as “This Connection is Untrusted” or “Your connection is not secure” and requires 2 clicks to proceed to the website. This issue is obviously not ideal and would cause a massive loss in viewership. To solve this problem, I decided to put my site behind Cloudflare.

I was a slightly nervous about using Cloudflare since I had never used their services before, but man was it a great decision. It was incredibly painless to setup from changing the domain servers to generating the public and private keys needed for Apache. I think it was harder to configure Apache to redirect normal HTTP traffic to HTTPS if possible than it was for the whole Cloudflare setup.

Now in addition to having a seamless HTTPS experience for my viewers, I have standard DOS protection and caching so my website (hosted in NY) can have faster speeds in more geographical locations. It also provides me with a super cool web panel to check out many unique visitors I get and from where in the world they are located. I think now I might move my home servers, which have some front facing ports, over to Cloudflare as well :).

See you guys soon with some more exciting updates!