Discourse also supports using a separate subdomain to serve static assets, which is a setup I like, because then Cloudflare handles compressing and optimising all our images and stylesheets for us, but has no visibility of the actual content of our website, which is still exchanged encrypted with our own server. wdyt?
BTW all the content is encrypted in any case with our own server private
key and with Gandi intermediate certificate, even if POPed in another CF
place, there is no MITM as we don’t use the certificate of CF (the
flexible security), but the one of our server.
We are using a Cloudflare provided certificate now. If you open the SSL information box, it says we’re using Comodo ECC Domain Validation (as provided by cloudflare), not Gandi.
However, it seems Discourse has removed the option to use a CDN for static assets only, so I think this is all we can do with Cloudflare for now, and hopefully they’ll add it back in again in a later release.
I made a ML post, but just checking here too;
Does Jasper have IP based rate limiting? I was getting connection errors when browsing the OMA landing page yesterday, and our number of visitors dropped a lot in Piwik (since most of our visitors are to there, I flicked it off CloudFlare just in case this is indeed the issue).
Update: visitor numbers have gone back up since I turned CloudFlare off for the main page. I think we need to look at whitelisting the CloudFlare IP addresses, and it will be a couple of days before I will be available again.