Hiding spaces behind cloudflare?

Hello, There was a post in 2019 at

and there is a short comment reply by @paulieg:

  1. Create Space + CDN
  2. Create a desired CNAME for your DO CDN
  3. use Cloudflare’s tool to create origin server self-signed SSL Cert specifically for the CNAME created in step 2.
  4. Use Spaces CDN option to add new subdomain certificate. Use the certificate details from step 3.
  5. You can then proxy via Cloudflare.

However, it is not a complete tutorial, and here are questions for now in 2023:

Since it was posted in 2019, here are questions in 2023:

  1. In step 1, since we already enabled CDN for created space, so there are two domains for the created space:

Origin Endpoint:

CDN Endpoint:

  1. In step 2, when creating CNAME for DO CDN, for example, we use a subdomain of, which one of the above two endpoints should be input in the target of CNAME setting?

Origin Endpoint or CDN Endpoint is the better setting to match?

  1. Question: after setting a self-signed SSL cert for the subdomain to Digitalocean Space CDN, which ### SSL/TLS encryption mode should be set for better compatibility?

Off (not secure) Flexible Full Full (strict)

  1. For daily operation purposes, how should manage or purge the cache?

Since there are two layers of cache on Cloudflare CDN and Digital Space CDN,

what is the best way to manage the cache, please?

It would be great if there is a Digitalocean official tutorial. or an answer by you guys with a professional tech background.


Submit an answer
Answer a question...

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer