In this section, you'll learn how to manage the connection protocol between users and your website via VergeCloud's CDN edge servers. You can adjust settings related to HTTPS for content delivery, including configurations for VergeCloud's complimentary SSL/TLS certificate, as well as the option to upload your own certificate. Additional settings like HSTS and HTTP/2 can also be accessed in this section.
By activating this feature, your website users will connect to VergeCloud's CDN edge servers via the HTTPS protocol, ensuring secure communication with your domain.
Utilizing the VergeCloud certificate provides an SSL certificate via Let’s Encrypt, which remains valid for three months and will automatically renew.
curl -X POST https://api.vergecloud.com/v1/https/activate
You also have the option to upload your own SSL/TLS certificate. By choosing this route and uploading the necessary files, including the private key and certificate in PEM format, your domain will utilize the uploaded private certificate.
curl -X POST https://api.vergecloud.com/v1/https/upload
Activating this setting ensures that all HTTP traffic is redirected to HTTPS automatically. This process is achieved through HSTS (HTTP Strict Transport Security), which provides an additional layer of security and protects against potential Man-in-the-Middle attacks. Once HSTS settings are cached, any changes cannot be made until the configuration period expires.
curl -X POST https://api.vergecloud.com/v1/https/default
This option automatically updates all HTTP links in HTML and JavaScript files to HTTPS versions.
curl -X POST https://api.vergecloud.com/v1/https/rewrite
In this section, you can choose the minimum supported TLS version. Users with older TLS versions will be unable to access your site over HTTPS.
curl -X POST https://api.vergecloud.com/v1/https/tls
The HSTS protocol is designed to ensure secure transition from HTTP to HTTPS. You can manage advanced settings via the VergeCloud user panel, such as the required duration for browsers to maintain HTTPS, subdomain compatibility with HSTS, and preparation for search engines.
Clicking on "Edit Settings" allows the activation of these features.
Typically, users connect to servers using the HTTP protocol. If secure connections are mandated, these requests should automatically convert to HTTPS. Standard methods may pose security risks, while HSTS provides a robust solution by allowing only HTTPS access through defined security policies communicated via a Strict-Transport-Security header.
curl -X POST https://api.vergecloud.com/v1/https/hsts
Upon receiving a request, the server sends an HSTS header with policies such as:
Strict-Transport-Security: max-age=2628000; includeSubDomains;
This configuration means that the domain and all subdomains will only be accessible via HTTPS for the next 2,628,000 seconds (approximately 1 month). The browser then performs two critical actions:
http://www.vergecloud.com
into https://www.vergecloud.com
.When a user accesses a website for the first time under insecure conditions, there is a potential security risk if HSTS policies are applied at that moment. To mitigate this, Google has opted to hardcode certain websites for mandatory HTTPS usage within the Chromium project. You can submit your domain for inclusion on this list by following the guidelines, ensuring your site meets these criteria:
VergeCloud automatically handles these configurations for you; you just need to add your domain to Google's list. Currently, this applies to browsers like Google Chrome, Firefox, Opera, Safari, and soon Internet Explorer.
You can determine the method of connection between your website's main servers and VergeCloud's edge servers. The connection can be set to HTTP, HTTPS, or automatic. To utilize HTTPS or the automatic setting, your server must support the HTTPS protocol.
In the automatic configuration, the connection protocol is determined by user requests. You can specify the connection protocol for each record in the activation section. If the protocol is set to default, the configurations from this section will apply.
curl -X POST https://api.vergecloud.com/v1/connection/protocol
![](image-placeholder.png)