You might already have noticed some changes when visiting my website. I enabled HTTPS/SSL via Cloudflare and MaxCDN. With that you’re now also getting this site served through SPDY / HTTP/2.

Preparations

Nearly none. Except you need to change your nameservers to Cloudflare nameservers so they can handle your requests. This can take up to 48hrs to be distributed to the nameservers over the world.

You also need:

• Free (or paid) Cloudflare account (if you use SharedSSL)
• A paid MaxCDN plan (but anyone of this will work if you use SharedSSL)
• A hoster which let’s you target your domain’s Nameservers to Cloudflares Namerservers (not all do)

Enable SSL and SPDY

Uhm, that was literally the easiest thing. Just sign in to your accounts, enable shared SSL options, enable SPDY / HTTP/2, too, to get the speed boost.

For MaxCDN, go to manage your pull zone, switch to the EdgeSSL tab, enable Shared SSL and SPDY in one go. You now need to rewrite all your URLs to be protocol relative (i.e. /) and to use the new SSL enabled hostname (it’s different if you don’t use custom domain and custom SSL). It took my 1 minute.

For Cloudflare, it’s a bit more complicated (by nature) as you have more options. First, set up your domain and target your domain to the new nameservers. You now adjust your settings. I chose low security profile, IPv6 support (yay, “full-in”), Pseudo IPv4 off, SPDY 3.1 on, Always online, and flexible SSL on. You want to disable RocketLoader if you’re using SPDY, and depending on how you deal with assets you also don’t want to let them minify your JS, CSS.

Drawbacks

As currently I’m only using a shared SSL option this means in some browsers users get a warning that the certificate doesn’t match my domain name. Some very restrictive, old proxies therefore will not show my site anymore without adding an exception. And, as I haven’t enabled IPv4 fallback, the user needs to support IPv6 to visit my website.

Well, that’s it. Nothing special, it was very easy. Try yourself and secure your site!

Further options

• GitHub Pages: Yup, that’s where my content lies. To redirect your http pages to SSL you need to set up a page rule in Cloudflare. Just set the pattern to http://helloanselm.com/* and add the rule Always use HTTPS: on.

• Get your own certificate: This avoids non-matching domain issues in browsers and can be even more secure. But in that case you’d need a paid Cloudflare account and also (if applicable) a paid premium MaxCDN account.