You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After proxying a basic website through Cloudflare, you can use Terraform to adjust zone settings. In this tutorial, you will configure some optional HTTPS settings and then push the updated configuration to GitHub for posterity.
13
+
After setting up basic DNS records, you can configure zone settings using Terraform. This tutorial shows how to enable [TLS 1.3](/ssl/edge-certificates/additional-options/tls-13/), [Automatic HTTPS Rewrites](/ssl/edge-certificates/additional-options/automatic-https-rewrites/), and [Strict SSL mode](/ssl/origin-configuration/ssl-modes/full-strict/) using the updated v5 provider.
14
14
15
-
You will use a new Git branch for the changes and then merge it into the `master` branch before applying. On a team, you might consider using this step as an opportunity for others to review your change before merging and deploying it. You can also integrate Terraform into your CI/CD system to perform tests automatically using another Cloudflare domain.
15
+
## Prerequisites
16
+
- Completed tutorials [1](/terraform/tutorial/initialize-terraform/) and [2](/terraform/tutorial/track-history/)
17
+
- Valid SSL certificate on your origin server (use the [Cloudflare Origin CA](/ssl/origin-configuration/origin-ca/) to generate one for strict SSL mode)
Review what Terraform is proposing before applying changes. The example output below is being filtered to ignore computed values — in this case, settings that will keep their default values.
52
+
Review the proposed changes:
55
53
56
54
```sh
57
-
terraform plan| grep -v "(known after apply)"
55
+
terraform plan
58
56
```
57
+
Expected output
59
58
60
59
```sh output
61
-
Refreshing Terraform state in-memory prior to plan...
62
-
The refreshed state will be used to calculate this plan, but will not be
Note: You didn't use the -out option to save this plan, so Terraform can't
93
-
guarantee to take exactly these actions if you run "terraform apply" now.
94
-
```
95
-
96
-
The proposed changes look good, so you can merge them into the `master` branch and then apply them with `terraform apply`. When working on a team, you may want to require pull requests and use this opportunity to peer review any proposed configuration changes.
97
-
98
-
```sh
99
-
git add cloudflare.tf
100
-
git commit -m "Step 3 - Enable TLS 1.3, Always Use HTTPS, and SSL Strict mode."
101
-
```
102
-
103
-
```sh output
104
-
[step3-https d540600] Step 3 - Enable TLS 1.3, Always Use HTTPS, and SSL Strict mode.
105
-
1 file changed, 11 insertions(+)
106
-
```
107
-
108
-
```sh
109
-
git checkout master
110
-
```
111
-
112
-
```sh output
113
-
Switched to branch 'master'
114
-
```
64
+
# cloudflare_zone_setting.automatic_https_rewrites will be created
Before applying the changes, try to connect with TLS 1.3. Technically, you should not be able to with default settings. To follow along with this test, you will need to [compile `curl` against BoringSSL](https://everything.curl.dev/source/build/tls/boringssl#build-boringssl).
0 commit comments