How to setup Heroku custom domain with DNS? - ssl

Short story: I build a web app, hosted it on Heroku, I have a domain from a Dutch provider "mijndomein.nl" Now I want to use the custom domain for my app.
I have followed the Heroku guide, but without success, I have watched a few videos, but the DNS settings in the videos are not exactly the same as I have at the mijndomein DNS control panel, and since I don't have a lot of experience setting up DNS and domain pointing I can't figure it out for my self. I will provide a screenshot of the mijndomein settings, and probably you will laugh that I haven't figured it out already and tell me how it works.
I'm confused with the * wildcard domain, and if the www (is a subdomain or not) that's not 100% clear in the Heroku guide. Heroku says that wildcard domains are not allowed when using ACM (automatic SSL certificate), but I need to obtain SSL ofc. and mijndomein's base settings looks to be using a * wildcard DNS. How do I set it up correctly so that when I enter:
oppascentrale.nl -> I go to my heroku app with SSL
www.oppascentrale.nl -> I go to my heroku app with SSL
Do I add with or without 'www' in the heroku control panel when adding custom domain?
This is how mijndomein DNS settings looks like when I do a factory reset
I'm also not sure if I can delete some of the DNS settings lines? I can't read anywhere if any of these different settings will interfere with each other.
As you can see in the shot below, Heroku is not exactly clear about how the custom domain should be added, first with, and then without 'www.' - I have tried both, but neither seemed to work with their SSL.
I also never managed to access my app from oppascentrale.nl, Do I some how have to redirect to www.oppascentrale when hitting oppascentrale.nl? And if yes, how do i set up that?

Related

How to change the http into https for my domain name?

I recently bought a domain name at OVH for an app I hosted on Heroku. I then paid for the dynos in order to set an automatic SSL certificate.
Everything seems to me working fine:
Domain Status Last Updated
─────────── ─────────── ────────────
mpjrigot.eu Cert issued 2 minutes
mpjrigot.fr Cert issued 2 minutes
But my URL is still in HTTP. What am I missing?
EDIT
I'm using React.js for this app
I also have a Ruby on Rails back but for nom i'm keeping that on the heroku.app, works fine
2nd EDIT
Using react-https-redirect, force-https or react-ssl-redirect...
Basically, chrome tells me that "this is not a safe space", and that this is a fake https that might want to steal the user's passwords and stuff
So I got an SSL that is set on my HerokuApp,
I got a domain on OVH that points to the IP of the app
But the http isn't secure somehow
I really think I missed something obvious as I'm new to this...
You can add HTTPS to your app with the following methods.
Method1 (Recommended)
Since, you're using rails for the backend, you can configure your rails app to always use HTTPS.
in your production.rb add
config.force_ssl = true
More Info: https://help.heroku.com/J2R1S4T8/can-heroku-force-an-application-to-use-ssl-tls
ActionDispatch SSL: https://api.rubyonrails.org/v6.1.4/classes/ActionDispatch/SSL.html
Method2 (Easy Setup)
You can also signup for cloudflare's free plan and easily setup https redirects with cloudflare's 'Always Use HTTPS' or 'Automatic HTTPS Rewrites' feature.
The 'Always Use HTTPS' feature will redirect all http requests on your site to https address.
The 'Automatic HTTP Rewrites' feature will change the HTTP links on your site to HTTPS links.
More Info here:
Always use HTTPS: https://blog.cloudflare.com/how-to-make-your-site-https-only
Automatic HTTPS: https://www.cloudflare.com/website-optimization/automatic-https-rewrite/
Cloudflare's SSL: https://www.cloudflare.com/ssl/
cloudflare dashboard
What am I missing?
Heroku provides a certificate, so you should be able to access your application using https://. However it does not redirect HTTP requests to HTTPS for you:
Redirects need to be performed at the application level as the Heroku router does not provide this functionality. You should code the redirect logic into your application.
Exactly how you do that depends on the language and libraries or framework that you are using. Several common examples are listed in the link I provided above.
If you edit your question to tell us what technology you have used to build your application I'll be happy to add those details to this answer. In case you are using Scala, please see How to disable HTTP requests on Heroku and/or auto-redirect to HTTPS?
solution
I eventually read about Heroku needing a specific host that takes in the address they tell you to point to when setting a domain name...
So I switched to Gandi for my domain name and set the ALIAS to point to said adress
Works like a charm

mysite.com/api and mysite/images not being aliased to my domain

I have a site being hosted on heroku so I can go to myapp.herokuapp.com/ and my SPA loads. I got a domain and used cloudflare with a CName record to alais mydomain.com to myapp.herokuapp.com. Great the sites load. Within my SPA i load some images. If my app loads directly from heroku *myapp.herokuapp.com/images/filex.png" it works fine but if I call (or type in the address bar) myDomain.com/images/files.png" I just get my site back like i types mydomain.com
Is this an issue with cloudflare? Do i need additional routing rules?
or is this an issue with my express server that is serving the app and images? does the redirected
request look different and do I need to add code to handle the redirect?
I'm not sure why the redirect is happening without more information. My best guess is that you need to follow these instructions from Heroku. Without this, Heroku servers will have no idea what to do with a request that has a host header of mydomain.com, and will perform in some unexpected way. Heroku needs some way on its side to know that all mydomain.com requests should be handled identically to myapp.herokuapp.com requests.
If this configuration is already in place, your underlying code needs to handle myapp.herokuapp.com and mydomain.com, but I believe by default express will not care about hostname.
Seems to have been an issue with heroku. It’s working fine on aws.

Cannot connect Heroku to custom Google Domain

In Heroku, my domain name for www.[somesite].com shows an ACM Status of "OK".
I also am using automatically managed SSL.
On Google Domains, I have a CNAME for www pointing to the DNS target.
I also have a synthetic record forwarding # for .[somesite].com to https://www.[somesite].com, with Temporary Redirect, Do not forward path, and Disable SSL.
If I use "Enable SSL" I get an error saying that:
The SSL Certificate for this domain hasn't been created yet.This process may take up to 24 hours to complete.
However, the site does not work. I do not know why Heroku shows that it does nor why it gives a ACM Status of OK.
I have been beating my head against this for several hours and have no idea what to do. Anyone have an idea?
Updated 2021
The following guide will help you to set up a website with SSL and forward all versions of your site to the appropriately secured site (https).
(Heroku) Deploy the site on Heroku (either with CLI or Github integration)
(Heroku) Upgrade to the "Hobby" Dyno (for $7).
(Heroku) Add SSL by going to Settings -> Configure SSL. Choose "Automatically".
(Heroku) Add a domain (on heroku.com) by clicking "Add domain". Be sure to use www in the domain name. So the Domain Name text field would be "www.example.com".
(Google Domains) Add a Custom Resource Record
Name: www
Type: CNAME
TTL: 600
Data: URL from Heroku
For example, behavior-apple-eh2cfqgjkiop23q1wvd4372b.herokudns.com.
(Google Domains) Add a Synthetic Record
Subdomaine Forward
Subdomain: #
Destination URL: https://www.example.com
Permanent Redirect (301)
Forward path
Enable SSL
(Google Domains) If you are using a domain that requires DNSSEC (such as a .dev domain), enable DNSSEC in the DNSSEC section.
You will have to wait about 15 minutes for everything to propagate. At the conclusion of the 15 minutes, you will be able to go to every combination of your site, and it will redirect to https://www.example.com.
Some of the errors you may see along the way are as follows:
ACM Issue
On Heroku:
ACM is failing for 1 domain name
www.example.com Unable to resolve DNS for www.exampe.com
Solution: the reason you are seeing this is because your CNAME is not set up on Google Domains. Complete step (5) above to resolve this issue.
Extra Period Issue
(On Google Domains) "A period keeps getting added to the end of the "Data" section of the URL when I put it in."
Solution: This is expected.
Helpful images
Final Heroku Page
Final Google Domains Page
Resources
Other StackOverflow answer
My root domain isn’t working, what’s wrong?
Heroku Devcenter: Add a Custom Root Domain

Pointing GoDaddy DNS to GitHub page uses http over https

I have my DNS settings as shown in the image
DNS Setting along with an additional CNAME with host www and value as my GitHub page. Next I setup a CNAME entry in my GitHub page with an apex entry to my domain. The issue I face is that whenever I visit my domain with an https protocol, it shows a warning that the connection is not secure. I get the following in Chrome:
NET::ERR_CERT_COMMON_NAME_INVALID
How do I fix this? I have both https and http access for my domain.
UPDATE: Github introduced custom domain support for HTTPS on May 1, 2018.
If you are using GoDaddy and want to upgrade to HTTPS, do the following:
Go to DNS settings for your site in your GoDaddy account.
Remove all existing A records.
Open a terminal and do dig +noall +answer <YOUR-USERNAME>.github.io. You should see a table listing 4 slightly different IP addresses:
On GoDaddy, create 4 new A records, each one pointing to one of the IPs. For host use # and set the TTL to a low user-defined value (if you are in a hurry).
Go to your page repository settings on Github, and clear the custom domain name and save. Wait a while (minutes).
When executing dig +noall +answer <YOUR-CUSTOM-DOMAIN> yields the 4 IP addresses that you entered in the A records, go back to the Github repository settings and re-enter and save your custom domain name (which you just cleared) in the custom domain cell.
Optionally, check the box Enforce HTTPS. But make sure that https://<YOUR-DOMAIN>is responsive first.
Make sure you have a CNAME record in your DNS settings also. Host should be www and it should point to your <YOUR-USERNAME>.github.io.
Make sure there is a file in your website repository named CNAME containing the name of your custom domain (in my case ulfaslak.com).
Reference
EDIT: Please see answer below by Arturo Herrero: https://stackoverflow.com/a/50203412/462015
GitHub pages does not support HTTPS for custom domains.
The only work around for doing so is to use an SSL provider as the middle man, such as Cloudflare. However, this would involve pointing your DNS name servers at Cloudflare's, which takes some time and complicates things.
If you want HTTPS support using GitHub pages you'll have to use GitHub's provided URL instead of your custom domain.
Another great option for static sites if you want custom domain name HTTPS is Amazon Web Services. You could set up an S3 bucket for your static website, configure CloudFront to distribute the static content, point your domain name at the CloudFront distribution, and use a free SSL certificate from Amazon's cert manager. This option comes out to less than $1/Month with a low-traffic website. A great in depth tutorial for that would be here.
I hope this answered your question! GitHub pages is a great hosting option, and it's not the end of the world if you decide to forget about HTTPS.
Custom domains on GitHub Pages gain support for HTTPS since May 01, 2018
https://blog.github.com/2018-05-01-github-pages-custom-domains-https/

How do I disable HTTPS on Heroku

I created a site and put it on Heroku. I then added a custom domain (e.g. "site.example.com") in the Heroku control panel and I pointed the DNS to my Heroku address. This works fine, but when I visit the site, I get a big browser warning, saying the certificate is for herokuapp.com, not for "site.example.com". How do I turn off HTTPS or fix it in some other way? (I don't need my own SSL certificate for the site.)
Note: It's not Heroku's fault if your app is forcing people onto SSL. Check production.rb to make sure it doesn't say:
config.force_ssl = true
If it does, change it to false:
config.force_ssl = false
Unfortunately, you can't prevent someone from attempting to access your site via SSL. That is to say that anyone can simply add https to to beginning of ://site.example.com. I would recommend that you open a support ticket to allow the Support team to look into your current configuration. Unfortunately, the Piggyback SSL that exists at *.herokuapp.com for Cedar apps bleeds through unless you have your own SSL certificate that is specified using the ssl:endpoint add-on.
The fact is, even if the Piggyback SSL wasn't in place, your visitors would still receive an error when going to the SSL version of your site. You might consider purchasing a seriously cheap SSL cert from some place like Namecheap (looks like you can pick up a super-simple cert for $8/yr) JUST to get rid of the errors. You can then enforce redirection to the non-SSL version of your site and all is well!
This may not be the best practice but nevertheless if you desperately want to force "NO-SSL", then you may do it via JavaScript code as follows.
window.onload=function(){
$(function(){
if(window.location.protocol==="https:")
window.location.protocol="http";
});
}