Deflect can automatically serve your website over an encrypted HTTPS/TLS connection. To learn more, read this guide.
If your website already supports HTTPS/TLS connection, you still need to configure it on Deflect. You can use your existing certificates, or generate new Let’s Encrypt certificates for use on the Deflect servers.
Full TLS Encryption #
We strongly advise choosing the full TLS encryption mode if your website already supports HTTPS/TLS connection. This guarantees that traffic is encrypted all the way from the visitor’s browser to Deflect and to your server. However, Deflect will serves as the TLS termination point.
Flexible TLS Encryption #
If your site doesn’t not support HTTPS, this alternative can be chosen. The option for site admins who would like Deflect to implement a HTTPS certificate for your server. Nonetheless, since the traffic between your origin server and Deflect would not be encrypted, there might be potential security risks.
HTTP Only Mode #
Unless you have a substantial reason to support only HTTP connection, this option is not suggested. It’s key to note that modern browsers will label your site as unsecured in the address bar.
Public TLS Certificates #
Deflect offers the choice to produce a complimentary Let’s Encrypt TLS certificate for your website. Unless there are certain demands necessitating the use of your current TLS certificates.
