# Secure Your Discourse Forum with Free SSL/HTTPS from CloudFlare

To use Cloudflare SSL instead of Let's Encrypt for your Discourse installation, follow these steps. Note that this process assumes you have already set up your Discourse server and have access to both your Cloudflare and server admin panels.

### Step 1: Setup Cloudflare for Your Domain

Ensure your domain is added to Cloudflare. Change your domain’s DNS settings to point to Cloudflare’s nameservers. This update is made at your domain registrar’s site.

### Step 2: Configure DNS Records in Cloudflare

1. Log into your Cloudflare account.
    
2. Select your domain.
    
3. Go to the DNS settings.
    
4. Add or confirm an A record pointing to your Discourse server’s IP address.
    

### Step 3: Enable SSL/TLS encryption mode

1. In Cloudflare, go to the SSL/TLS tab.
    
2. Set the SSL/TLS encryption mode to "Full" or "Full (strict)". “Full (strict)” requires a valid SSL certificate on the server, which you can initially get from Let's Encrypt (to replace later).
    

### Step 4: Install SSL Certificate on Your Discourse Server

1. Generate a Cloudflare Origin Certificate:
    
    * Go to SSL/TLS -&gt; Origin Server.
        
    * Click "Create Certificate".
        
    * Choose “Let Cloudflare generate a private key and a CSR”.
        
    * Set the "Hostnames" to include your domain (e.g., [`example.com`](http://example.com) and `*.`[`example.com`](http://example.com)).
        
    * Select the validity period (up to 15 years).
        
    * Click "Next" and copy both the Origin Certificate and Private Key.
        
2. Access your Discourse server via SSH.
    
3. Save the certificate and key to files on the server (e.g., `/etc/ssl/certs/cloudflare_origin.pem` and `/etc/ssl/private/cloudflare_origin.key`).
    

### Step 5: Configure Discourse to Use the SSL Certificate

1. Edit the Discourse NGINX configuration to use the SSL certificate. Typically, this file is located at `/etc/nginx/conf.d/discourse.conf` or within the `/var/discourse/containers/` directory if using Docker.
    
2. Modify or add the following lines to the server block:
    

```nginx
ssl_certificate /etc/ssl/certs/cloudflare_origin.pem;
ssl_certificate_key /etc/ssl/private/cloudflare_origin.key;
```

3. Restart NGINX to apply the changes:
    

```bash
sudo systemctl restart nginx
```

### Step 6: Force HTTPS in Discourse

1. Edit the Discourse configuration file (`/var/discourse/containers/app.yml`).
    
2. Find the `env` section and add:
    

```yaml
  FORCE_HTTPS: 'true'
```

3. Rebuild Discourse:
    

```bash
cd /var/discourse
./launcher rebuild app
```

This setup will enable your Discourse forum to use Cloudflare’s SSL, providing an added layer of security through Cloudflare’s services.

Hi All, Explore [Cloudflare Consultant Tenten](https://tenten.co/) website for learn more or [contact us](https://tenten.co/contact) for tech support.

#### Learn more about Cloudflare SSL with Discourse

* [Using Discourse with Cloudflare: Best Practices - Tutorial - Cloudflare Community](https://community.cloudflare.com/t/using-discourse-with-cloudflare-best-practices/602890)
    
* [Force Discourse to use SSL/HTTPS through CloudFlare - documentation / admins - Discourse Meta](https://meta.discourse.org/t/force-discourse-to-use-ssl-https-through-cloudflare/49212)
