Cloudflare & Subdomains
We've recently been using Cloudflare in front of applications for several reasons, such as a floating IP address, DDoS protection, automatic SSL generation, analytics, page optimisation, web application firewall, and many more. I highly recommend you look to see if it fits your needs for any application you're developing. One of the problems that I ran into earlier was an error when setting up some subdomains. I kept on getting ERR_SSL_VERSION_OR_CIPHER_MISMATCH, and I couldn't figure out why. Some subdomains were working, and some weren't. Was this because of the SSL certificate on the server or something else??? If you've seen a similar error to the one below, then you've arrived at the right place!
I figured that the servers hosting my applications (i.e. my servers) must've been using an incorrect version of TLS, or maybe HAProxy and Nginx had cyphers that Cloudflare didn't support. I played around with TLS versions and supported cyphers, but nothing resolved the issue. I searched on Google and found some cryptic references to the Cloudflare packages and subscription upgrades, but I couldn't quite see from the articles what the actual reason was. A few articles I found included,
The last entry actually described the issue in the most detail. It mentioned a dedicated SSL certificate, but that wasn't a part of any of the packages on their site. So I went back to the SSL section on their dashboard and started reading more about the Universal SSL Certificate it provides. It turns out that is where the limitation lies. For instance, if you own example.com, then the Universal Certificate covers:
It does not, however, cover:
So it actually works incredibly well when your subdomain is only a single tier, but having multi-tier subdomains doesn't work in the same way. For that, you'll need to buy an Advanced Certificate (and it's not very expensive, so no need to start stressing ;P)!
After figuring that out, everything is working incredibly well and as expected. A Pro Plan with the Advanced Certificate is all you'd need to have a full app with multi-tier subdomains up and running in no time!
I don't think I can emphasise enough how great Cloudflare is and how well it works. I'd suggest it becomes a part of any software developer's toolkit when building out new applications!
PS. There has been mention of Cloudflare affecting SEO performance. I've looked at Google Analytics on the sites we've applied it to, and I haven't seen any ill effects. In fact, I've seen improvements. I'd recommend that you watch for SEO performance after switching your site to Cloudflare, but I certainly wouldn't write it off without testing it.