URL Redirection and 1and1 - ruby-on-rails

I've got an app up and running on Heroku. I've purchased a top level .com domain from 1and1 (I have other sites there, so I thought that would make life easier).
When I attempted to redirect to my Heroku app, I was not allowed to modify the CName alias record like I have done for other sites - which were all subdomains. I was given two options: Frame redirect or HTTP redirect, I've tried both. The frame redirect doesn't seem to function at all - the page stays blank. The HTTP redirect does actually get to my heroku site, but when it displays the address bar shows myproject.herokuapp.com instead of mydomain.com.
I've added both the www.mydomain.com and mydomain.com to my heroku domains.
Is there anyway to add a mask or similar?

Short answer: you can not set CNAME for top of your domain.
Detailed answer: Why can't a CNAME record be used at the apex (aka root) of a domain?
Some DNS providers might offer workaround hacks.

Related

Confirguring Namecheap + Namecheap MX Records + Heroku HTTPS

I'm posting this because none of the other questions related to Namecheap/Heroku have helped me.
It doesn't seem to be possible to have a configuration where both of these are true:
https://example.com, https://www.example.com, http://example.com, http://www.example.com all end up loading the site
Emails get routed correctly to contact#example.com
The reason this doesn't seem to be possible is that in order for MX email records to work on Namecheap, there must not be a CNAME record for the naked domain. But for https://example.com to work, Heroku requires that I set up a CNAME for the naked domain (host # with value example.com.herokudns.com)
I tried using a URL Redirect record for the naked domain that goes to https://www.example.com but this does not cover the https://example.com case. But that's the closest I've come to having all cases working.
I ultimately don't care if a redirect happens to the www. version. I just need content to load for both naked and non-naked domains and for both https and non-https cases.
So aside from switching off of Namecheap, how can I get all the domains loading correctly and have email working as well?
So this configuration is now possible with namecheap/heroku.
Instead of choosing CNAME record type, pick ALIAS for the naked domain. Namecheap example of advanced DNS line would be like this:
(Type) (Host) (Value) (TTL)
ALIAS Record # heroku-weird-dns-target.herokudns.com 5 min
ALIAS will play along with both TXT and MX.
To have www working, just add the www.[yourdomain].com to heroku and set up a CNAME for the www on namecheap:
(Type) (Host) (Value) (TTL)
CNAME Record www heroku-dns-www-target.herokudns.com Auto
Now the http to https redirects should be handled by your application.
Also I would only use one of www or naked, and have the other rewrite url or redirect in the application.

Heroku - domain redirect. App displayed in a frame

I want to redirect myapp.herokuapp.com to mydomain.com.
What I was able to achieve with company that I bought a domain from (lets call them X) is to add new CNAME, so a www.mydomain.com displays myapp.herokuapp.com and that is OK.
What I also want to do is to be able to access the app without the need to write www before the rest of the address. It was said to me that I should change A record within domain configuration, but X company does not allow it. What I can (and what they recommended) is to set and option in domain configuration called IP/URL/host redirect to myapp.herokuapp.com.
Changing this makes my website available under the mydomain.com without the need to write www before, but what it also does is it displays the website in a frame.
What should I do to achieve this? Is this a heroku thing, the X company thing or should I change something in the way my website can be displayed?
Typing www.mydomain.com displays the website correctly - without the <frameset><frame></frame></frameset> tags.
In the Heroku Dashboard "Domains and Certificate" section, add to your custom domains both domain names, "www.mydomain.com" and "mydomain.com".
Make your DNS target the "mydomain.herokuapp.com" in both records.
Check https://devcenter.heroku.com/articles/custom-domains for more information.

Domain Mapping in WPMU

I'm running WordPress MultiUser and a plugin to allow for domain mapping.
I have a subdomain site subdomain.domain.com
and I want domain2.com to point to it.
My tech buddy double checked my WP settings and said everything was good there.
When I go to my existing subdomain.domain.com site I am now redirected to domain.com registration page.
When I go to domain2.com I get the following:
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
Prior to the domain mapping attempt the sub.domain.com site worked fine
with sub.domain.com defined in Plesk as an alias of domain.com
I have domain2.com refined in Plesk as an alias of domain.com
I was told to have domain2.com made into an alias of sub.domain.com
but I don't see how to do that in Plesk.
Cloudflare is redirecting the domain2.com to the server correctly.
What am I missing?
It is probably best to contact CloudFlare so we can actually look at the zone file & then check any redirect rules on your server.
Just a quick note that mapped domains need to be added as individual domains, if not a subdomain of root domain, so that's why it is important for us to look at the zone file. If you're simply adding subdomains to a domain already added, then that is a different issue (WPMU plugin is also available through outside developer that only works for subdomains).

Redirecting subdomain for static assets on Heroku

I would like myapp.com/blog to redirect to www.myapp.com/blog. I've installed Refraction to do subdomain redirects at the Rack layer. That doesn't work on Heroku for /blog since my files in /blog are static assets. Any fix?
Sounds like you may be making this more difficult than it needs to be.
If you just want myapp.com/something to redirect to www.myapp.com/something, then goto the domain host that is currently handling the myapp.com domain and create a URL redirect record to do just that. This way, the redirect happens at the domain registrar before it even touches your Heroku server (which is how it should be handled).
An example of this would be to create the following records at your domain registrar (i.e. GoDaddy, NameCheap, etc): http://i.imgur.com/FJrMV.png
Those 3 IP addresses point to Heroku's servers. You should have already set up the custom domain add-on within Heroku if indeed you have some site similar to myapp.com and not myapp.heroku.com
Here's an article / video from Heroku that deals with a little bit of this as well: http://devcenter.heroku.com/articles/custom-domains

SSL-secured website best practices

I have a website (www.mydomain.com) that is secured with an SSL certificate. It is an ASP.NET website and I have forced certain pages via code to be required to use the https:// prefix. If they don't it will redirect them to the https:// equivalent. Is this a good practice? Is there an easier way to do this? Not every single page requires SSL.
Also, when the users use my URL in the form of mydomain.com instead of www.mydomain.com they get a certificate error because the certificate was registered for www.mydomain.com. Should I use the same approach as I am with the http:// and https:// issue I mentioned above? Or is there a better way of handling this?
Your approach sounds fine. In my current project, I force HTTPS when a user goes to my login page, (Based on a config flag which lets me test locally without dealing with needing a cert). This allows me to access other pages unsecured which is handy.
I have a couple places where our server grabs the output of other pages (rendering to html to PDF and fetching dynamic images for example). Because of our environment, our server can't resolve it's public name, so if we were to force ssl at the site we'd have to add, our internal IP address (or fake the domain name).
As for your second question you have two options to handle the www.example.com vs example.com. You can buy a certificate that allows you to have multiple domain names. These are known as UCC certificates.
Your second option is to redirect example.com to www.example.com or the other way around. Redirecting is a great option if want your content to be indexed by google or other search engines. Since they will see www.example.com and example.com as two seperate sites. This means that links to your sites will be split reducing your overall page rank.
You can configure sites in IIS to require a Cert but that would A) generate an error if someone isn't visiting with https and B) require all pages to use https. So, that won't work. You could put a filter on IIS that checks all requests and redirects them as https calls if they are on your encryption list. The obvious drawback here is the need to update your list of pages every time a new page is added (e.g. from an XML file or database) and restart the filter.
I think that you are probably correct in building code into the pages that require https that redirects to an https version if they arrive via http. As far as your cert error goes, you could redirect with a full path (that includes the www) instead of a relative path to fix this problem. If you have any questions about how to detect whether the call uses https OR how to get the full path of the current request please let me know. Both are pretty straightforward but I've got sample code if you need it.
UPDATE - Josh, the certs that handle multiple subdomains are called wildcard certs. The problem is that they are quite a bit more expensive than standard certs.
UPDATE 2: One other thing to consider is to use a Master page or derived class for the pages that need SSL. That way, instead of duplicating the code in each page you can just declare it as type SSLPage (or use the corresponding Master page) and have the Master/Parent class handle the redirect. Again, you'll need to do some URL processing if you take this approach but it is pretty trivial.
Following is something that can help you:
If it is fine to display all your website pages with https:// then you can simply update your code to use https:// and set two bindings in IIS. One is for http and another is for https. In this way, your website can be accessible through any of the protocol.
Your visitors are receiving a name mismatch error because the common name used in your SSL certificate is www.mydomain.com. Namecheap is providing RapidSSL certificates through which you can secure both names under single SSL. You can purchase this SSL for www.mydomain.com and it will automatically secure mydomain.com (i.e. without www).
Another option is you can write a code to redirect your visitors to www.mydomain.com website even if they browse mydomain.com.

Resources