
Nginx + Cloudflare Web Server Configuration On Raspberry Pi 4 (Part 2)

Hello, and welcome to part 2. Make sure you have gone through part 1 before starting this stage; at the very least you should already have a domain connected to your Cloudflare dashboard. Ok, right off the bat: in part 2 we will configure Cloudflare SSL, from optimization to security. Open the domain that is connected to the Cloudflare dashboard and click the “SSL / TLS” tab in the menu, as below:

In SSL / TLS settings select Full (strict) for best security

In the SSL / TLS settings select Full (strict). With this mode the data we send to and receive from Cloudflare is encrypted for best security, avoiding sniffing and spoofing on our local network. Cloudflare also encrypts the data between itself and the browser connected to it, so the data is more secure. For this method we need an origin certificate from Cloudflare, which we will install on our web server later; you can download it under the SSL / TLS tab > Origin Server, as shown below:

Here I have already created one for this site; you can create a certificate if you don't have one yet

As shown above, I have activated it for my 2 domains. Before creating a certificate, don’t forget to turn on Authenticated Origin Pulls; after that you can click Create Certificate and a dialog will appear as below:

Choose RSA (2048), the domain you want & certificate validity is up to you

Next, for the private key type, select RSA. The Hostname list will automatically apply SSL to your domain; by default it applies to the main domain and first-level subdomains (sub.domain.com will use SSL but not sub.sub.domain.com). The certificate validity is up to you; I am going to use 15 years so that I don’t have to change the SSL certificate for 15 years. When everything is done, click Create and Cloudflare will generate the origin certificate and the private key, both of which we will have to save. For example, as shown below:

Cloudflare will generate origin certificate & private key

Once you see the display above, don’t rush to close it, because we have to save both the certificate and the private key. Make sure the Key Format is PEM. It is a good idea to save both of them somewhere as a backup first. Then turn on your Raspberry Pi 4 with its OS installed (I use Ubuntu Server 20.04), log in as superuser, and we can start installing SSL on our web server.

  1. For Origin Certificate you can save it in the directory /etc/ssl/certs/ , with the file name = domainname.com.pem
    Easier: nano /etc/ssl/certs/domainname.com.pem
    then paste the Origin Certificate
  2. For the Private Key you can save it in the directory /etc/ssl/private/ , with the file name = domainname.com.pem
    Easier: nano /etc/ssl/private/domainname.com.pem
    then paste the Private Key
  3. Then for the last step, since we enabled Authenticated Origin Pulls, we have to download the Origin Pulls Certificate. It is available at the URL below under the file name origin-pull-ca.pem; put it in the directory /etc/ssl/certs/
    Easier:
    cd /etc/ssl/certs/
    wget https://support.cloudflare.com/hc/en-us/article_attachments/201243967/origin-pull-ca.pem
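
The three files from steps 1 to 3 can be checked before Nginx is pointed at them. The script below is an added example, not part of the original post; it assumes `openssl` and GNU `stat` are installed (as on Ubuntu Server), and its script and function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Usage (paths from steps 1-3):
#   sudo bash check_origin_files.sh /etc/ssl/certs/domainname.com.pem \
#        /etc/ssl/private/domainname.com.pem /etc/ssl/certs/origin-pull-ca.pem
# The script name check_origin_files.sh is hypothetical.

# Print the PEM public key embedded in a certificate ("cert") or private key ("key").
pubkey_of() {
  case "$1" in
    cert) openssl x509 -in "$2" -noout -pubkey ;;
    key)  openssl pkey -in "$2" -pubout ;;
    *)    return 2 ;;
  esac 2>/dev/null
}

# True only if the certificate and the private key carry the same public key,
# i.e. the two pasted blocks belong together.
cert_matches_key() {
  local c k
  c=$(pubkey_of cert "$1") || return 1
  k=$(pubkey_of key "$2") || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# True only if group and others have no permission bits on the key file.
key_is_private() {
  local mode
  mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
  case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# True only if the file parses as an X.509 certificate marked as a CA; this also
# catches a download that saved something other than a PEM certificate.
is_ca_cert() {
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

check_origin_files() {  # $1 = origin cert, $2 = private key, $3 = origin-pull CA
  local rc=0
  cert_matches_key "$1" "$2" || { echo "FAIL: $2 is not the key for $1"; rc=1; }
  key_is_private "$2" || { echo "FAIL: $2 is accessible to group/others (chmod 600)"; rc=1; }
  is_ca_cert "$3" || { echo "FAIL: $3 is not a CA certificate"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: certificate, key and origin-pull CA are consistent"
  return "$rc"
}

if [ "$#" -eq 3 ]; then check_origin_files "$@"; fi
```

A non-zero exit status means at least one of the three files should be re-saved or have its permissions tightened before continuing.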

Next we will redirect all incoming requests to HTTPS; for that we have to enable Always Use HTTPS & Automatic HTTPS Rewrites under SSL/TLS > Edge Certificates. You can see the example images below:

Enable Always Use HTTPS
Enable Automatic HTTPS Rewrites

And that finishes the Cloudflare integration & SSL certificate part. Next, we just have to configure the Ubuntu Server to connect to the Cloudflare CDN. So I end Part 2 here; in part 3 we will make full use of our Raspberry Pi 4, so make sure you are ready. You can work remotely over SSH or configure it directly, and oh yes, make sure your router forwards ports to your Raspberry Pi and that ports 80 & 443 are open. Ok, see you in part 3, friends 🙂
