I have a site being hosted on heroku so I can go to myapp.herokuapp.com/ and my SPA loads. I got a domain and used cloudflare with a CName record to alais mydomain.com to myapp.herokuapp.com. Great the sites load. Within my SPA i load some images. If my app loads directly from heroku *myapp.herokuapp.com/images/filex.png" it works fine but if I call (or type in the address bar) myDomain.com/images/files.png" I just get my site back like i types mydomain.com
Is this an issue with cloudflare? Do i need additional routing rules?
or is this an issue with my express server that is serving the app and images? does the redirected
request look different and do I need to add code to handle the redirect?
I'm not sure why the redirect is happening without more information. My best guess is that you need to follow these instructions from Heroku. Without this, Heroku servers will have no idea what to do with a request that has a host header of mydomain.com, and will perform in some unexpected way. Heroku needs some way on its side to know that all mydomain.com requests should be handled identically to myapp.herokuapp.com requests.
If this configuration is already in place, your underlying code needs to handle myapp.herokuapp.com and mydomain.com, but I believe by default express will not care about hostname.
Seems to have been an issue with heroku. It’s working fine on aws.
Related
I recently bought a domain name at OVH for an app I hosted on Heroku. I then paid for the dynos in order to set an automatic SSL certificate.
Everything seems to me working fine:
Domain Status Last Updated
─────────── ─────────── ────────────
mpjrigot.eu Cert issued 2 minutes
mpjrigot.fr Cert issued 2 minutes
But my URL is still in HTTP. What am I missing?
EDIT
I'm using React.js for this app
I also have a Ruby on Rails back but for nom i'm keeping that on the heroku.app, works fine
2nd EDIT
Using react-https-redirect, force-https or react-ssl-redirect...
Basically, chrome tells me that "this is not a safe space", and that this is a fake https that might want to steal the user's passwords and stuff
So I got an SSL that is set on my HerokuApp,
I got a domain on OVH that points to the IP of the app
But the http isn't secure somehow
I really think I missed something obvious as I'm new to this...
You can add HTTPS to your app with the following methods.
Method1 (Recommended)
Since, you're using rails for the backend, you can configure your rails app to always use HTTPS.
in your production.rb add
config.force_ssl = true
More Info: https://help.heroku.com/J2R1S4T8/can-heroku-force-an-application-to-use-ssl-tls
ActionDispatch SSL: https://api.rubyonrails.org/v6.1.4/classes/ActionDispatch/SSL.html
Method2 (Easy Setup)
You can also signup for cloudflare's free plan and easily setup https redirects with cloudflare's 'Always Use HTTPS' or 'Automatic HTTPS Rewrites' feature.
The 'Always Use HTTPS' feature will redirect all http requests on your site to https address.
The 'Automatic HTTP Rewrites' feature will change the HTTP links on your site to HTTPS links.
More Info here:
Always use HTTPS: https://blog.cloudflare.com/how-to-make-your-site-https-only
Automatic HTTPS: https://www.cloudflare.com/website-optimization/automatic-https-rewrite/
Cloudflare's SSL: https://www.cloudflare.com/ssl/
cloudflare dashboard
What am I missing?
Heroku provides a certificate, so you should be able to access your application using https://. However it does not redirect HTTP requests to HTTPS for you:
Redirects need to be performed at the application level as the Heroku router does not provide this functionality. You should code the redirect logic into your application.
Exactly how you do that depends on the language and libraries or framework that you are using. Several common examples are listed in the link I provided above.
If you edit your question to tell us what technology you have used to build your application I'll be happy to add those details to this answer. In case you are using Scala, please see How to disable HTTP requests on Heroku and/or auto-redirect to HTTPS?
solution
I eventually read about Heroku needing a specific host that takes in the address they tell you to point to when setting a domain name...
So I switched to Gandi for my domain name and set the ALIAS to point to said adress
Works like a charm
Short story: I build a web app, hosted it on Heroku, I have a domain from a Dutch provider "mijndomein.nl" Now I want to use the custom domain for my app.
I have followed the Heroku guide, but without success, I have watched a few videos, but the DNS settings in the videos are not exactly the same as I have at the mijndomein DNS control panel, and since I don't have a lot of experience setting up DNS and domain pointing I can't figure it out for my self. I will provide a screenshot of the mijndomein settings, and probably you will laugh that I haven't figured it out already and tell me how it works.
I'm confused with the * wildcard domain, and if the www (is a subdomain or not) that's not 100% clear in the Heroku guide. Heroku says that wildcard domains are not allowed when using ACM (automatic SSL certificate), but I need to obtain SSL ofc. and mijndomein's base settings looks to be using a * wildcard DNS. How do I set it up correctly so that when I enter:
oppascentrale.nl -> I go to my heroku app with SSL
www.oppascentrale.nl -> I go to my heroku app with SSL
Do I add with or without 'www' in the heroku control panel when adding custom domain?
This is how mijndomein DNS settings looks like when I do a factory reset
I'm also not sure if I can delete some of the DNS settings lines? I can't read anywhere if any of these different settings will interfere with each other.
As you can see in the shot below, Heroku is not exactly clear about how the custom domain should be added, first with, and then without 'www.' - I have tried both, but neither seemed to work with their SSL.
I also never managed to access my app from oppascentrale.nl, Do I some how have to redirect to www.oppascentrale when hitting oppascentrale.nl? And if yes, how do i set up that?
I have configured my GoDaddy DNS through Cloudflare, pointing at Heroku's URLs (ivanteong.herokuapp.com) after adding www.ivanteong.com and ivanteong.com to custom domains of Heroku.
I have also added the CNAME for ivanteong.herokuapp.com to Cloudflare for its root and www, configured "Full" for the Crypto settings and enabled "Automatic HTTPS Rewrites". This is to make the site appear as HTTPS. I have also added Page Rules such that everything redirects to https://www.ivanteong.com.
However, I have been facing consistent issues with loading the pages on my website, in order of frequency:
1) When going to different pages on ivanteong.com, it will sometimes reach "There is nothing here yet" page on Heroku. Sometimes, it happens on the main site, other times it happens on the subpages. Visitors need to refresh the page multiple times before the actual page will load and the error page on Heroku is gone. This is bad for user experience as most of the time, users won't bother reloading as they will think the site is broken. I'm suspecting it has something to do with the rerouting of DNS or the DNS connection between Cloudflare and Heroku. I'm on the free tier on Heroku, wondering if that is the problem?
2) Sometimes, some of the assets such as the Javascript library or images will not load fully, and the site will appear without the images loaded or the UI scrambled, only resolved when I refreshed the page. It looks as if they load 80% of assets the first time and only finish loading everything after I reload the page. I'm wondering if it is something to do with forcing HTTPS encryption over all the assets?
I was also facing a similar problem. When I try to load(via https) https://example.com I was getting no app found error. I fixed it by adding multiple domains in heroku custom domain settings. I added both, domain with www subdomain and naked/root domain to heroku and now i get redirection to www.example.com but I don't get the no app error. I hope this might work for you as well.
I've setup 'ssl endpoint' on heroku and that works great. I have a cname for www.miketown3.com pointing to osaka-4635.herokussl.com. https is working great.
However, when I GET http://www.miketown3.com, I get redirected to https://www.miketown3.com and I want to remain on http. When testing my app locally this does not happen. Also, when watching the traffic in chrome, I see no http level redirection of any kind. There's just a request to http://www.miketown3.com with no response. Then immediately the next request is to https://www.miketown3.com, but this time there is a valid response.
My question, where is this redirection happening and how can I stop it? Thanks a bunch!
Since your www subdomain is pointed to osaka-4635.herokussl.com, the server at this address performs the redirection. To stop it, you have to remove the ssl endpoint addon, and change your DNS records per https://devcenter.heroku.com/articles/custom-domains (e.g. point your root and www subdomain to yourapp.herokuapp.com)
I'm not 100% sure what you question is but if you only want HTTPS for certain parts(urls) of your website and assuming you are using rails you can add the gem 'rack-ssl-enforcer', this will allow you to specify what parts of your website redirect to https i.e. login
This was a chrome cache thing.
I run a secure website on Apache, but one part requires YouTube videos that aren't showing due to the SSL blocking them.
I therefore need to use HTTP for this part of the site (/videos). If I delete the 's' off https, it jumps back in there so can't simply change the link to it.
Is there a mod_rewrite code or something similar that might add an exception to this directory?
Switching from HTTPS to HTTP will always cause problems, especially if your users are authenticated and if you want to maintain security.
You could use YouTube via HTTPS instead, as described on the YouTube API Blog.