Deflect gives the option of making your website available to the public over an encrypted HTTPS connection. If you’d like to learn more, read this guide.
HTTPS/TLS Configuration #
There are three mode Deflect supports for HTTPS/TLS connections.
Full TLS encryption #
We strongly advise choosing the full TLS encryption mode if your website already supports HTTPS/TLS connection. This guarantees that traffic is encrypted all the way from the visitor’s browser to Deflect and to your server. However, Deflect will serves as the TLS termination point.
Flexible TLS encryption #
If your site doesn’t not support HTTPS, this alternative can be chosen. The option for site admins who would like Deflect to implement a HTTPS certificate for your server. Nonetheless, since the traffic between your origin server and Deflect would not be encrypted, there might be potential security risks.
None (HTTP) #
Unless you have a substantial reason to support only HTTP connection, this option is not suggested. It’s key to note that modern browsers will label your site as unsecured in the address bar.
HTTPS Options #
This option allows you to select how HTTP to HTTPS redirection is handled on Deflect.
Origin Certificates #
Deflect encourages your origin server to facilitate TLS connections. To simplify your setup, Deflect is capable of generating an origin certificate for you.
To ask Deflect to create an origin certificate for you, click the “Let Deflect generate a certificate and key bundle” button.
To create an origin certificate yourself and upload a Certificate Signing Request for Deflect to sign, click the “Upload a certificate signing request” button and paste your PEM encoded CSR in the form that will automatically open.
By clicking the “Generate Origin certificate bundle” button, a certificate will be generated automatically and appear in the list of generated origin certificates.
Click “Download bundle” to download a zip file containing the files you need to install in your web server to enable TLS connections with Deflect.
