Cloudflare Authenticated Origin Pulls

#cloudflare #sysadmin

It’s possible to validate the incomming requests on nginx to make sure they’re coming from Cloudflare.

Authenticated Origin Pulls

Once the cert is installed on the server, add the following to your nginx server config and enable Authenticated Origin Pulls for the domain at Cloudflare. [1]

ssl_client_certificate /etc/nginx/certs/cloudflare.crt;
ssl_verify_client on;

[1] https://support.cloudflare.com/hc/en-us/articles/204494148-Setting-up-NGINX-to-use-TLS-Authenticated-Origin-Pulls