Setting up SSL on heroku with custom domain - ruby-on-rails

I am trying to set up SSL for a custom domain on heroku using the ssl-endpoint addon. My app uses Rails 3.1.0.
Suppose my custom domain is www.example.com. From this question and various other sources, I found that I am supposed to use secure.example.com rather than example.com as the common name when generating the certificate request. I have a few a questions about this:
Do I have to forward users from example.com to secure.example.com (or do anything else with my domain registrar)?
Will users actually see secure.example.com rather than example.com when using ssl?
Will I have to change anything in my actual Rails application or config in order to get this to work?

Related

Using rails app as on extension of an existing website

I am trying to use rails app as an extension of my Weebly app.
current domain is hosted by Weebly. I am trying to the following,
I am trying to use the one domain for two different applications(Weebly template website and Rails application)
I thought of two solutions and I don't know if any of them are applicable.
solution
add a subdomain eg. welcomerailsapp.example.com
or
www.example.com/welcomerailsapp
I will be pushing my Rails app to the Heroku server
little guidance would be appreciated
thank you
You can use a CNAME record to do what you want. This would be done at your domain registrar or DNS provider.
Example:
Domain: mydomain.com
CNAME www => yourweeblyhost.com (Weebly app server)
CNAME rails => yourrailsapp.com (Heroku server)
www.mydomain.com would then route to your Weebly app, rails.mydomain.com would route to your Rails app.
This can be done on Weebly via the settings tab under your domain. So all you'd need to do is pick a name for your subdomain, with that as the "name" for the CNAME record and point it to the URL Heroku gives you for your Rails app.
You can also get more complex with it by using wildcards.
So if you only wanted one subdomain (www), for example, to route to the Weebly app; you can configure it as such by creating a CNAME for the www subdomain and pointing it to Weebly as noted above. Then, by using a wildcard (usually * on most providers) as the "name" you can tell the internet that [anyotherthing].mydomain.com should route to the Rails app without having to define each subdomain manually.

Wildcard domains on heroku

How can I use wildcard domain on Heroku? My application is using subdomain.
I followed the Heroku custom domain article and mapped my *.mydomain.com to myapp.herokuapp.com. When I visit dev.mydomain.com it points to heroku app but on Heroku app I cant find the subdomain.
In short I want to use subdomain on heroku, like dev.myapp.herokuapp.com. Any suggestions?
The wildcard setup on Heroku instructs Heroku to point any request for a subdomain of given domain to your application.
But here stops Heroku responsibility. Then your application must be able to handle such requests at application level.
In Rails, you can inspect the request details with the request object in your controller. And you can access the specific subdomain with request.subdomain.
So, for example, if you added *.example.com and someone access foo.example.com, the request object will respond with the following values:
request.host
# => foo.example.com
request.subdomain
# => foo
Now it's your responsibility to use such information in your app according to what you are trying to achieve.

Redirecting subdomain for static assets on Heroku

I would like myapp.com/blog to redirect to www.myapp.com/blog. I've installed Refraction to do subdomain redirects at the Rack layer. That doesn't work on Heroku for /blog since my files in /blog are static assets. Any fix?
Sounds like you may be making this more difficult than it needs to be.
If you just want myapp.com/something to redirect to www.myapp.com/something, then goto the domain host that is currently handling the myapp.com domain and create a URL redirect record to do just that. This way, the redirect happens at the domain registrar before it even touches your Heroku server (which is how it should be handled).
An example of this would be to create the following records at your domain registrar (i.e. GoDaddy, NameCheap, etc): http://i.imgur.com/FJrMV.png
Those 3 IP addresses point to Heroku's servers. You should have already set up the custom domain add-on within Heroku if indeed you have some site similar to myapp.com and not myapp.heroku.com
Here's an article / video from Heroku that deals with a little bit of this as well: http://devcenter.heroku.com/articles/custom-domains

Multiple domains pointing to single Heroku Rails app via nameservers displaying different content?

We have a Rails 3 app which allows users to create a profile and access it with a subdomain. So for example:
user1.app.com
user2.app.com
user3.app.com
Now, suppose they wanted to point their own domain name to their profile, so www.user1.com shows user1.app.com, and www.user1.com/my-content/ shows user1.app.com/my-content/. Is it possible for them to simply change their nameservers to point to us, and we handle the routing? I'm afraid it would be a deal breaker if the user had to do any DNS configuration beyond just changing their nameservers.
Thanks!
This is really two questions.
So I guess I'll answer it like that.
How can I allow customers to add a custom domain to my heroku-based app?
So, in your example, their domain name is www.user1.com
Two things need to happen
www.user1.com needs to be added to your heroku domains for the app
the dns for www.user1.com needs to be set to the heroku servers
In order to add this new domain, I guess you need to store the custom domain in the app,
and when it is changed, or created, ensure a queued task is setup to push this config change to heroku.
In order to do the dns correctly, I hope it is enough that they add a CNAME for user1.app.com.
Therefore, if you have a wildcard CNAME linking to heroku's dns, you can avoid the type of downtime that can occur if Heroku gets DOS-ed again.
How can I show content based on domain, rather than just subdomain?
Well, somehow you already differentiate user1.app.com from user2.app.com
Maybe you just sniffed request.host.
Now you just have to try the custom domain first.
Maybe this'll work.
before_filter :set_client
def set_client
#client = Client.find_by_custom_domain(request.host) || Client.find_by_subdomain(request.host.split(".").first)
unless #client
raise "unrecognised domain #{request.host}"
end
end
You need to get them first of all have them set www.user1.com to point to proxy.heroku.com (or setup your own cname entry to proxy.heroku.com and get them to cname their domains to that) and then you need to register their custom domain with your heroku app so the correct application responds at Heroku stored against their account?? in your application so it can be matched on incoming requests.
This technique is employed in the Locomotive Rails CMS so I'd suggest looking at that - it uses the Heroku gem INSIDE the application so custom domains can be added via the site administrator which in turn talks to the Heroku API to add the custom domain to the application.

SSL-secured website best practices

I have a website (www.mydomain.com) that is secured with an SSL certificate. It is an ASP.NET website and I have forced certain pages via code to be required to use the https:// prefix. If they don't it will redirect them to the https:// equivalent. Is this a good practice? Is there an easier way to do this? Not every single page requires SSL.
Also, when the users use my URL in the form of mydomain.com instead of www.mydomain.com they get a certificate error because the certificate was registered for www.mydomain.com. Should I use the same approach as I am with the http:// and https:// issue I mentioned above? Or is there a better way of handling this?
Your approach sounds fine. In my current project, I force HTTPS when a user goes to my login page, (Based on a config flag which lets me test locally without dealing with needing a cert). This allows me to access other pages unsecured which is handy.
I have a couple places where our server grabs the output of other pages (rendering to html to PDF and fetching dynamic images for example). Because of our environment, our server can't resolve it's public name, so if we were to force ssl at the site we'd have to add, our internal IP address (or fake the domain name).
As for your second question you have two options to handle the www.example.com vs example.com. You can buy a certificate that allows you to have multiple domain names. These are known as UCC certificates.
Your second option is to redirect example.com to www.example.com or the other way around. Redirecting is a great option if want your content to be indexed by google or other search engines. Since they will see www.example.com and example.com as two seperate sites. This means that links to your sites will be split reducing your overall page rank.
You can configure sites in IIS to require a Cert but that would A) generate an error if someone isn't visiting with https and B) require all pages to use https. So, that won't work. You could put a filter on IIS that checks all requests and redirects them as https calls if they are on your encryption list. The obvious drawback here is the need to update your list of pages every time a new page is added (e.g. from an XML file or database) and restart the filter.
I think that you are probably correct in building code into the pages that require https that redirects to an https version if they arrive via http. As far as your cert error goes, you could redirect with a full path (that includes the www) instead of a relative path to fix this problem. If you have any questions about how to detect whether the call uses https OR how to get the full path of the current request please let me know. Both are pretty straightforward but I've got sample code if you need it.
UPDATE - Josh, the certs that handle multiple subdomains are called wildcard certs. The problem is that they are quite a bit more expensive than standard certs.
UPDATE 2: One other thing to consider is to use a Master page or derived class for the pages that need SSL. That way, instead of duplicating the code in each page you can just declare it as type SSLPage (or use the corresponding Master page) and have the Master/Parent class handle the redirect. Again, you'll need to do some URL processing if you take this approach but it is pretty trivial.
Following is something that can help you:
If it is fine to display all your website pages with https:// then you can simply update your code to use https:// and set two bindings in IIS. One is for http and another is for https. In this way, your website can be accessible through any of the protocol.
Your visitors are receiving a name mismatch error because the common name used in your SSL certificate is www.mydomain.com. Namecheap is providing RapidSSL certificates through which you can secure both names under single SSL. You can purchase this SSL for www.mydomain.com and it will automatically secure mydomain.com (i.e. without www).
Another option is you can write a code to redirect your visitors to www.mydomain.com website even if they browse mydomain.com.

Resources