9

I am using Spaces S3 storage on DigitalOcean. To add a subdomain for my Spaces, an SSL certificate is required to be uploaded. I am trying to use the Cloudflare Free Edge SSL certificate, and forward my requests from my subdomain.company.com to Spaces Endpoint.

K Manoj Kumar

3 Answers

32

I've figured it out, this is how it works for me.

  1. Create a DigitalOcean Space with the CDN option selected. The space name must match the fully-qualified subdomain you want to use, e.g. cdn.example.com if you were using that domain.
  2. Create the desired CNAME for your DO CDN on Cloudflare. For the CNAME record value use the CDN endpoint value provided by DO. Keep the "proxied" toggle on.
  3. Use Cloudflare Dashboard to create origin server self-signed SSL Cert specifically for the CNAME (Custom domain) created in step 2.
  4. Use DO Spaces CDN option to add a new subdomain SSL certificate created from Step 3. Add Name, Cert, Key, and your Custom Domain value and Save.
  5. Done! Cloudflare is now proxying your DO CDN domain, and your files on DO Spaces can be served on a Custom Domain.
mahemoff
K Manoj Kumar
  • In step 2 what is the difference between "Proxied" and "DNS Only"? As DO is already providing CDN should one just choose DNS Only? – entron Mar 28 '21 at 11:58
  • 2
    @entron You need to enable PROXIED on CloudFlare for the CloudFlare Self-signed SSL cert to work. It doesn't work with DNS only. – K Manoj Kumar Mar 29 '21 at 16:35
  • I am a newbie to networking and trying to do this exact same thing but was not able to figure out the 3rd step. I registered a domain in godaddy.com (example.com) and added digital ocean nameservers for the domain. Now in the Digital ocean, I added the domain that I bought. Under CName section, I added hostname: xyz.example.com and for is an alias: digitalocean cdn url(bucket.sfo.digitalocean.com). When I go to cloudflare and try to add the site (xyz.example.com) it gives error only route domain should be added. Please help in what I am doing wrong? Also, do I need to have paid cloudflare account? – marsuser May 04 '21 at 23:54
  • Thank you for the solution! One more thing: I needed to create a new space with the desired name and copy all the files to the new one. **Remember to set your file's permissions to public or else you get 403 access denied.** – Sandrogo May 20 '22 at 12:58
10

I was still running into issues with Manoj's solution. Eventually I was able to resolve it. The problem was that the space name must match the custom subdomain exactly, e.g.:

cdn.example.com
Paul Kuhle
0

Another way to do it:

  1. Create a DigitalOcean Space.

  2. Create a Cloudflare SSL > Origin Server certificate.

    Your hostname should point to your custom subdomain exactly. ex: cdn.example.com. Save certificate and key.

  3. Enable CDN on your DigitalOcean Space and add subdomain.

    Enter recently created ssl certificate and key. Once you add this you should be able to select ex: cdn.example.com from the custom subdomain select box.

  4. Create a Cloudflare DNS > CNAME record.

    Use desired CNAME for your DigitalOcean CDN on Cloudflare ex: cdn. For the CNAME record value use the CDN endpoint value provided by DigitalOcean. Keep the "proxied" toggle on.

JP Garza
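
A pre-upload check for the steps in the answers above, as an added example that is not from any of the posts: it confirms that the Space name equals the custom subdomain, that the Cloudflare origin certificate covers that hostname, that the private key belongs to the certificate, and that the certificate has not expired. The function name `check_origin_cert` and the file paths passed to it are hypothetical; the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: validate an origin certificate and key before pasting them
# into the DigitalOcean Spaces CDN "custom subdomain" form.
# Usage: check_origin_cert SPACE_NAME CUSTOM_DOMAIN CERT_PEM KEY_PEM
check_origin_cert() {
    space=$1 host=$2 cert=$3 key=$4
    rc=0

    # The answers require the Space name to match the custom subdomain exactly.
    if [ "$space" != "$host" ]; then
        echo "FAIL: Space name '$space' differs from custom domain '$host'"
        rc=1
    fi

    # The certificate must have been issued for the custom subdomain.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
            grep -q "does match certificate"; then
        echo "FAIL: certificate does not cover '$host'"
        rc=1
    fi

    # The key must belong to the certificate: compare the public key embedded
    # in the certificate with the public key derived from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match the certificate"
        rc=1
    fi

    # A certificate that has already expired is rejected.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate is expired or unreadable"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: certificate and key are consistent for '$host'"
    fi
    return "$rc"
}
```

Run it against the certificate and key files saved from the Cloudflare dashboard; a non-zero return value means at least one check failed.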