Configuring HAProxy to use AOP (Authenticated Origin Pulls)

Download authenticated_origin_pull_ca.pem from https://developers.cloudflare.com/ssl/static/authenticated_origin_pull_ca.pem

bind *:443 ssl crt /etc/haproxy/ssl/certs ca-file /etc/haproxy/ssl/authenticated_origin_pull_ca.pem verify optional

/etc/haproxy/ssl/certs is a directory containing PEM files for your domains, e.g. /etc/haproxy/ssl/certs/simple.example.com.pem

verify optional can be changed to verify required. This forces the client to provide a client certificate; if it doesn't, it gets an SSL handshake error.

Lastly, you need to enable this setting in the SSL/TLS -> Origin Server menu in the Cloudflare console for your domain.
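
The two verify modes side by side, as an added example that is not part of the original post. With verify optional HAProxy completes the handshake even when no client certificate is sent, so the second frontend rejects such requests at the HTTP layer instead. The frontend and backend names, port 8443 and the backend address are assumptions.

```haproxy
# Added example, not from the original post.
# Assumed names: fe_https_strict, fe_https_optional, be_app, app1.
# Assumed values: port 8443 (so both frontends can coexist), 127.0.0.1:8080.

# Option A: verify required.
# A client that sends no certificate, or one not signed by the CA in
# ca-file, fails during the TLS handshake and never reaches HTTP processing.
frontend fe_https_strict
    mode http
    bind *:443 ssl crt /etc/haproxy/ssl/certs ca-file /etc/haproxy/ssl/authenticated_origin_pull_ca.pem verify required
    default_backend be_app

# Option B: verify optional.
# The handshake succeeds with or without a client certificate, so the
# bind line alone does not restrict who can reach the backend.
# The ACLs below make the decision per request.
frontend fe_https_optional
    mode http
    bind *:8443 ssl crt /etc/haproxy/ssl/certs ca-file /etc/haproxy/ssl/authenticated_origin_pull_ca.pem verify optional

    # True when the TLS session carries a client certificate.
    acl aop_cert_present ssl_c_used
    # 0 means the certificate chain verified without error.
    acl aop_cert_valid ssl_c_verify 0

    # Reject anything that did not present a verified client certificate.
    http-request deny deny_status 403 unless aop_cert_present aop_cert_valid

    default_backend be_app

backend be_app
    mode http
    server app1 127.0.0.1:8080
```

Running `haproxy -c -f <config file>` checks the syntax before a reload.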

