Learn
>
Sygnal-U
>
Reverse Proxy w/ Cloudflare
>
The SSL Problem

Reverse Proxy w/ Cloudflare

The SSL Problem

Overview
Introduction & Overview
Introduction to Reverse Proxies + Webflow
001
What Problems are we Solving?
What Problems are we Solving here?
101
The SSL Problem
102
Maximizing Site Performance
103
Staying Within Webflow's Hosting Plan Traffic Limits
104
Setup & Configurations
Proxy Configuration Approaches
201
Reverse-Proxy DNS Config
202
High Performance Configs
Proxying for Performance
300
Caching Strategy
301
Level 1 - Basic Caching
302
Level 2 - Caching + Optimization
303
Level 3 - Extended Caching + Optimization
304
Level 4 - Advanced Caching + Optimization
306
Administration
How to Determine if an Item is Cached
801
How to Remove a Cached Item
803
Emergency Revert
804
Resources
More Resources
901
No items found.
Published
October 28, 2023
Updated
January 17, 2025
in lightbox
VIEW THE LESSON

What is The SSL Problem?

Webflow has a specialized SSL setup particularly in how the certificates are generated.

If you reverse proxy a site using Webflow's default configuration, it may work for awhile but when the Let's Encrypt SSL certificates are renewed ( every 3 months ), that renewal can fail and therefore make your site inaccessible.

The common remedy to this was to dodge it entirely by switching SSL off on the Webflow site, however this raises two issues;

  • This creates vulnerabilities, at least in theory, because your traffic is not 100% SSL encrypted from the browser to the Webflow server.
  • Webflow now locks the SSL setting on when you are using ECommerce, User Accounts, or Logic. You cannot disable it.

The end result was that most reverse proxy solutions I'd seen for Webflow required special administrative handling to ensure the SSL cert is re-generated every 3 months.

Not fun.

The Solution

There are a number of approaches that the community has explored to overcome this problem.

The most reliable one I've found for Cloudflare is to use a different set of IP's and CNAMEs in the DNS than Webflow normally recommends.

Finsweet's Alex goes into some excellent detail in this video-

https://youtu.be/sj8hEtQzato?t=2201

And there is a writeup in the Github-

https://github.com/finsweet/reverse-proxy?tab=readme-ov-file#dns-management

This is the approach Sygnal recommends.

Notes

MilkMoon's Solution

A shout out to Jakes van Eeden who first introduced me to this approach. MilkMoon and Finsweet use the same approach.

https://www.milkmoonstudio.com/post/using-webflow-with-cloudflare-to-cache-and-speed-up-your-webflow-project

TenTen's Solution

Erik Chen offers a different solution which preserves Webflow's standard DNS config, and then adds a special rule to support the SSL certificate renewals.

However, we've been unsuccessful in getting this to work on any of our projects. If you are able to make it work, it's a cleaner approach.

https://developer.tenten.co/how-to-host-webflow-behind-cloudflare-proxy?showSharer=true

FAQs

Answers to frequently asked questions.

Videos
No items found.
Table of Contents
Comments
Need help with your project?
Talk to us
Want to show your appreciation?
Buy us a beer
Did we just make your life better?
Passion drives our long hours and late nights supporting the Webflow community. Click the button to show your love.
Buy us a beer