I have a Rails 5 app with Heroku's SSL added. www.example.com and example.com works fine but when I preface my site with "https://" It doesn't work, but "http://" works.
I'm using Namecheap.com for my DNS. How do I go about getting "https://example.com" to direct to my heroku app?
What you need to do is :
You need to have SSL Endpoint addon added to your heroku app
It will provide a EndPoint URL for your heroku app.
https://devcenter.heroku.com/articles/ssl-endpoint
And you need to add SSL cert configured brought from third party vendors.
Then you can add CNAME record with with given EndPoint URL from SSL Endpoint plugin.
Make sure to add this in config/environments/production.rb
config.force_ssl = true
It will work then.
Related
I'm trying to set up SSL on my site that runs on Rails on Heroku. If I type any of following into the address bar of my browser, it loads:
www.example.com
example.com
https://www.example.com
But when I enter https://example.com (the root domain prefixed with https) Safari displays "This connection is not private". Why?
I have added www.example.com and example.com to my Heroku app.
heroku domains:add www.example.com
heroku domains:add www.example.com
I have configured the domain's CNAME and ALIAS to point to the DNS targets provided by Heroku.
Alias: # aaaaaa.herokudns.com.
CNAME: www bbbbbb.herokudns.com.
I have used heroku certs:auto:enable to configure Heroku to manage my site's SSL certification.
I have configured rails to force ssl in production:
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
config.force_ssl = true
What do I need to do to ensure that the site loads correctly when the user enters the root domain prefixed with https into the URL bar?
I have an app that has a rails backend and react frontend. In Heroku i have two custom domain names one for the front end and one for the backend and both have SSL certificates via Heroku SSL.
In my production.rb file I have
config.force_ssl = true
But for some reason my app is not redirecting to HTTPS. The app works and everything but it still has the http link thats not secure. I am using react router on my frontend. Does anyone have ideas to why this may not be working? Or have any other ideas on how I can successfully redirect?
I have a domain with ssl running rails app. Currently on production I already enabled config.force_ssl = true, the ssl works perfectly. Now the issues is, if I typed example.com it redirect to https://example.com but I need it to redirect back to https://www.example.com.
My rails app running on AWS. Thanks!!
I keep getting security certificate errors when I access my Heroku app connected to my site's subdomain. So far, I have successfully connected my website's subdomain (news.mysite.com) to my app using a Heroku domains and my nameserver but my site keeps routing to a https:// version of the herokuapp causing browsers to warn users about the sites certificate.
Can I remove the https routing to my app, or ensure that the browsers ignore the security certificate from Heroku?
CName:
| Host | Points to |
| www | sheltered-plains-7225.herokuapp.com |
| news | news.mysite.com | <-- Https Errors
If you need SSL and wish to use a custom subdomain then you must purchase a license for the subdomain and Add Endpoint for Heroku.
Heroku's SSL license is a wildcard that will cover all of it's own subdomains under *.herokuapp.com. So sheltered-plains-7225.herokuapp.com is covered but news.mysite.com is not.
If you do not need SSL then you should change your environment.
in /config/environments/production.rb change
config.force_ssl = true
to
config.force_ssl = false
this will route to http instead of https
It would normally be within your app that the redirect to https is done.
Unless you have the Heroku SSL endpoint add-on and an SSL certificate it will always error on https.
I'm deploying my existing https rails app to a staging server, and for some reason I keep getting redirected to the https version of the site (which is the desired behavior on the production server, but not on the staging on to which I'm deploying). On the staging server it doesn't return anything after getting redirected to https.
When I type in my.ip.add.ress in the browser, it redirects to https://my.ip.add.ress. I've checked that config.force_ssl = false. There does not appear to be any other function in my app that would redirect to ssl (searched for all occurrences of ssl and https in my app). rails c production boots up fine.
I'm not even sure my app is getting hit, as my production.log isn't being written to. Could apache be trying to redirect to ssl? There are no such directives in the apache2.conf (https://wiki.apache.org/httpd/RewriteHTTPToHTTPS).
I'm running Apache2 with the Passenger module. I don't have a .htaccess file in my app. It's a Rails 3.2 app.
Did you have "force_ssl = true" at one point? That would create a permanent redirect. Clearing your cache will fix that.
Or perhaps you've set the "Strict-Transport-Security" header on that domain? That would also force a redirect to the HTTPS version. To turn that off in chrome, navigate to "chrome://net-internals/#hsts". Then delete that domain. You can query it first, to see if exists in the cache.