- Newest
- Most votes
- Most comments
Hello.
I'm sorry if my understanding is wrong.
Does this mean that you have set up the following configuration?
CloudFlare -> S3
CloudFlare -> CloudFront -> S3
I have to change it to Flexible now in order to access the S3 bucket using the CNAME domain.
CloudFlare Flexible mode is a setting where communication between the origin server and CloudFlare is performed using HTTP.
In other words, if you directly specify S3 with static website hosting enabled as the CloudFlare origin, it is correct to be able to access it normally.
https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/flexible/
On the other hand, if the SSL mode is Full, the communication between CloudFlare and S3 is performed using HTTPS, so I think access fails.
https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/full/
https://docs.aws.amazon.com/AmazonS3/latest/userguide/WebsiteHosting.html
Amazon S3 website endpoints do not support HTTPS or access points. If you want to use HTTPS, you can use Amazon CloudFront to serve a static website hosted on Amazon S3. For more information, see How do I use CloudFront to serve HTTPS requests for my Amazon S3 bucket? To use HTTPS with a custom domain, see Configuring a static website using a custom domain registered with Route 53.
Thank you for the response, Riku.
My configuration is S3 -> CloudFlare -> Client. It was working fine before I experimented with a CloudFront layer between S3 and CloudFlare.
It is true S3 website endpoint doesn't support HTTPS. But I was using CloudFlare proxy with its SSL certificate. So from the client end, I was able to view S3 shown as HTTPS. But after the failed CloudFront distribution (it was running with a green status, but my site did not show up; the SSL certificate I requested via ACM never came through, so I had to cancel it) was disabled and deleted last night, my set up with CloudFlare has stopped working since - it appears to me that the universal SSL certificate issued by CloudFlare somehow is not being recognized now.
My apologies if you have seen this. https://www.cloudflare.com/developer-platform/solutions/s3-compatible-object-storage/
You may want to cross post on CloudFlare forums. Yes S3 doesn't support https but I believe S3 supports SSL. From a best practice standpoint, all data on the internet should be encrypted by SSL or HTTPS.
I would question the CloudFlare experts how to connect securely to an S3 website. Cloudfront seems excessive for this but I don't have all your facts and I wouldn't want to mislead you.
Relevant content
- asked 2 years ago
- Accepted Answerasked 4 months ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 2 months ago
I used CloudFlare about two years ago, and at that time I had to set the SSL mode to Flexible because the communication between CloudFlare and S3 was via HTTP. I don't think that has changed, but does it now work in full mode? https://advancedweb.hu/how-to-add-https-for-an-s3-bucket-website-with-cloudflare/