Cloudflare has a nifty feature where you can configure your site to always be served over HTTPS. Of course, this does require you have already enabled SSL support for your site in the first place. However that is both very easy and free.
Check here for instructions for setting up basic SSL support on your CloudFlare hosted web site.
Check this writeup for enabling SSL all the way to your origin server.
Create a Page Rule for “Always Use HTTPS”
- Enter the URL for which the rule is enforced. In my case it’s everything.
- Select the rule from the drop down list
- Save and Apply
Always Use HTTPS rule enabled
When the rule has been successfully created, this is what it looks like.
SSL SNI (Server Name Indication)
As you can see, CloudFlare uses SNI to allow their proxy servers to host several sites behind one IP and not be forced to serve using one Multi-SAN certificate, which would be an administrative nightmare.
SNI has the drawback of not being supported by really old (and insecure, deprecated, not maintained) web browsers but that should be a fading issue.