I am trying to set up SSL for my Heroku app. I am using the hostname based SSL add-on. The Heroku documentation states the following:
Hostname based SSL will not work with root domains as it relies on CNAME
aliasing of your custom domain names. CNAME aliasing of root domains is
an RFC violation.
As expected everything works well when I access the site using the www subdomain, i.e. https://www.foo.com. The browser complains when I access https://foo.com as the certificate presented is for heroku.com.
I concluded that I have to redirect the traffic for foo.com to www.foo.com to address this issue. I am considering the following approaches:
1) DNS based redirection
The DNS provider Zerigo supports redirect records. I came across a question on a similar subject on SO. I tried the solution; it works ONLY for HTTP redirection (Zerigo documentation confirms this).
My Zerigo configuration:
foo.com A x.x.x.x
foo.com redirect http://www.foo.com
www.foo.com CNAME zzz.amazonaws.com
2) Rack based redirection
Add a Rack-based middleware to perform the redirection. The canonical-host gem provides such support.
    use CanonicalHost do
      case Rails.env.to_sym
      when :staging then 'staging.foo.com'
      when :production then 'www.foo.com'
      end
    end
I am wondering if there is a better solution for this (barring switching to $100 per month IP based SSL).
Wow...this took me forever, and a bunch of info on the web was wrong. Even Heroku's docs didn't seem to indicate this was possible.
But Jesper J's answer provides a hint in the right direction: it works with DNSimple's ALIAS record which I guess is some new sort of DNS record they created. I had to switch my DNS service over to them just to get this record type (was previously with EasyDNS).
To clarify when I say "works" I mean:
entire site on SSL using your root domain
no browser warnings
using Heroku's Endpoint SSL offering ($20/month)
It works for all of the following urls (redirects them to https://foo.com with no warnings)
http://foo.com
http://www.foo.com
https://www.foo.com
https://foo.com
To summarize the important bits.
Move your DNS over to DNSimple (if anyone knows other providers offering an ALIAS record please post them in the comments; they were the only one I could find)
Set up Heroku endpoint SSL as normal: https://devcenter.heroku.com/articles/ssl-endpoint
Back in DNSimple add an ALIAS record pointing foo.com to your Heroku SSL endpoint, something like waterfall-9359.herokussl.com
Also add a CNAME record pointing www.foo.com to your Heroku SSL endpoint, waterfall-9359.herokussl.com
Finally, in your Rails (or whatever) app make the following settings:
In production.rb set
    config.force_ssl = true
In application_controller.rb add
    before_filter :check_domain

    # 301 any production request whose Host is not the canonical root domain
    def check_domain
      if Rails.env.production? and request.host.downcase != 'foo.com'
        redirect_to request.protocol + 'foo.com' + request.fullpath, :status => 301
      end
    end
This finally seems to work! The key piece seems to be the ALIAS dns record. I'd be curious to learn more about how it works if anyone knows, and how reliable/mature it is. Seems to do the trick though.
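The redirect behaviour listed above (all four URLs ending at https://foo.com), written as framework-free Rack middleware. This is an added example, not code from the original post or from the canonical-host gem; the class name CanonicalHttpsRedirect and the helper redirect_for are hypothetical, and it assumes the platform router terminates TLS and passes the original scheme in X-Forwarded-Proto.

```ruby
require 'uri'

# Added example (not from the original post). Class and helper names are hypothetical.
class CanonicalHttpsRedirect
  def initialize(app, host:)
    @app = app
    @host = host.downcase
  end

  def call(env)
    # Assumption: TLS ends at the platform router, so the scheme the client
    # used arrives in X-Forwarded-Proto rather than in rack.url_scheme.
    scheme = (env['HTTP_X_FORWARDED_PROTO'] || env['rack.url_scheme'])
             .to_s.split(',').first.to_s.strip.downcase
    host = env['HTTP_HOST'].to_s.downcase.sub(/:\d+\z/, '')
    return @app.call(env) if scheme == 'https' && host == @host

    # Build Location from the configured host only, never from the Host
    # header, so a forged Host cannot steer the redirect elsewhere.
    location = "https://#{@host}#{env['SCRIPT_NAME']}#{env['PATH_INFO']}"
    query = env['QUERY_STRING'].to_s
    location += "?#{query}" unless query.empty?
    [301, { 'location' => location, 'content-type' => 'text/plain' }, ["Moved\n"]]
  end
end

# Helper for trying the middleware without a server: builds a constructed Rack
# env as it would look behind the router and returns [status, Location].
def redirect_for(url, canonical_host: 'foo.com')
  uri = URI.parse(url)
  env = {
    'rack.url_scheme'        => 'http', # the app process itself sees plain HTTP
    'HTTP_X_FORWARDED_PROTO' => uri.scheme,
    'HTTP_HOST'              => uri.host,
    'SCRIPT_NAME'            => '',
    'PATH_INFO'              => uri.path,
    'QUERY_STRING'           => uri.query.to_s
  }
  inner = ->(_env) { [200, { 'content-type' => 'text/plain' }, ["ok\n"]] }
  status, headers, _body = CanonicalHttpsRedirect.new(inner, host: canonical_host).call(env)
  [status, headers['location']]
end

if __FILE__ == $PROGRAM_NAME
  %w[http://foo.com/a?b=1 http://www.foo.com/ https://www.foo.com/x https://foo.com/x].each do |u|
    puts "#{u} -> #{redirect_for(u).inspect}"
  end
end
```

Every non-canonical request reaches https://foo.com in a single 301, with path and query preserved.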
DNSimple offers an ALIAS record type to address this need. You can create an alias from your root domain (a.k.a zone apex) pointing to a CNAME. Read more about it here:
http://blog.dnsimple.com/introducing-the-alias-record/
DNS redirects wouldn't care whether the inbound request is http or https so would maintain the original protocol - so would redirect http://foo.com to http://www.foo.com and the same for https.
You'll need to do it within the application via the gem you found or some other rack redirect gem or if www. is a problem use the IP based SSL addon.
One thing you will want to keep in mind is that Google might index both versions of your site if both versions are accessible (root vs. www). You would need to set up canonicals to handle that, which might be a pain to upkeep.
In my DNS settings I set up a URL / Forward record (DNSimple)
URL foo.com 3600 http://www.foo.com
The CNAME only needs to be set up for www
CNAME www.foo.com 3600 providedsslendpoint.herokussl.com
I also had to set up an ALIAS for my root
ALIAS foo.com 3600 providedsslendpoint.herokussl.com
Then I decided to simply replace foo.com with an env variable ENV['SITE_HOST'] (Where SITE_HOST= www.foo.com or whatever I might define). I can control this via my heroku configuration or my .env file (See https://github.com/bkeepers/dotenv). That way, I can control what happens in different environments.
For example, my test app uses test.foo.com as the url it also has its own SSL endpoint so that works fine for me. This also scales to create staging or qa specific environments as well.
    before_filter :check_domain

    def check_domain
      if Rails.env.production? || Rails.env.testing? and request.host.downcase != ENV['SITE_HOST']
        redirect_to request.protocol + ENV['SITE_HOST'] + request.fullpath, :status => 301
      end
    end
From now on, end users will always access www with forced SSL. Old links will suffer a small hang but nothing noticeable.
On the Rails part, to make the redirection, it'd be more sane to make it occur on the router layer, like this (works on Rails 3+):
    Rails.application.routes.draw do
      match '/*splat' => redirect { |_, request| request.url.sub('//www.', '//') }, :constraints => { :subdomain => 'www' }
      # ...
    end
For those Heroku users who previously used GoDaddy: I just finished porting the DNS over from GoDaddy to Cloudflare, and HTTPS is working fine now.
GoDaddy DNS is incompatible with Heroku. This is due to:
Some DNS providers will only offer A records for root domains.
Unfortunately, A records will not suffice for pointing your root
domains to Heroku because they require a static IP. These records have
serious availability implications when used in environments such as
on-premise data-centers, cloud infrastructure services, and platforms
like Heroku. Since Heroku uses dynamic IP addresses, it’s necessary to
use a CNAME-like record (often referred to as ALIAS or ANAME records)
so that you can point your root domain to another domain.
Setting up is fairly simple.
First, add the Cloudflare nameservers in the GoDaddy DNS manager. These are some examples:
roxy.ns.cloudflare.com
sam.ns.cloudflare.com
Next, you only need two more steps.
Add a CNAME NAME.com and link it to NAME.com.herokudns.com
That's it. This is assuming that you already have a CNAME www.NAME.com linked to www.NAME.com.herokudns.com
If you are using Rails, be sure to set config.force_ssl = true at config/environment/production.rb
I found DNSimple to be complicated for my current web developer competence. I finally signed up with easyDNS and moved the domain I purchased at Godaddy over to easyDNS. Annual cost for a standard easyDNS subscription is currently $20. Good thing about easyDNS is that they actually answer their phone. A few minutes on the phone and I had my DNS target configured properly for Heroku. Tested my app and it worked for HTTP. When I upgraded my heroku app to a paid hobby dyno, which is currently $7/mo, it instantly applied SSL protection. Tested my app in the browser again, and it worked serving over HTTP and HTTPS. Next, I uncommented some code in my nodejs app that redirects http => https. One more test in a browser, seems good to go. Secure. Works with www and it works with the root domain. Bottom line: you may not have to pay for a Heroku Endpoint at $20/mo. Hope that helps.
I have an application deployed on Heroku with a GoDaddy domain.
After trying several methods, I have done the DNS setup.
Add CNAME www with value DNS target provided by Heroku.
This is working fine for the domain with www. But I would like to open the domain without www (naked domain), which is not working currently.
What I have already tried, and nothing worked for me:
Add CNAME with name (naked domain) and value (Heroku app URL)
(a) Add a Domain with naked domain name (domain name without www)
(b) Add CNAME with name (naked domain) and value (Heroku app DNS Target value from (a))
Add Forwarding https:// with www.domain-name
Then I tried configuring the DNS setup in Cloudflare; there all the problems got resolved, but the website got slow and even some JS was not working. I tried several code changes and deployments; nothing worked, so finally I went back to GoDaddy for the DNS setup.
Somewhere I got to know that Cloudflare provides CNAME flattening, which GoDaddy does not. Due to CNAME flattening, redirection works fine with Cloudflare.
Please suggest steps to resolve this. domain URL
Got response from Heroku team.
Redirecting from root domain [http://mysite.in/] to sub domain [http://www.mysite.in/] can be done at application level or on your DNS provider [GoDaddy] settings. Heroku or any other similar platforms won't have such an option.
Heroku recommends you to point the root domain to its DNS target with an ALIAS/ANAME record type. Unfortunately, Godaddy doesn't give that option. The root domain's DNS target can be an IP address as well, but the IP addresses of your application on Heroku keeps changing, at least once a day, so you can't use that as DNS target. We have an article on how you should set up the domains for a Heroku app, please give it a read https://devcenter.heroku.com/articles/custom-domains and let me know if you have any question there.
So the options you are left with is to make use of an add-on like Quotaguard which will give you a static IP address against your Heroku application, this IP can be used as DNS targets or change the DNS provider, we have a list of DNS providers which support ALIAS/ANAME record type.
I am aware that there have been a few discussions on this one but none have given a definitive answer. I am hoping this will help me and others.
Problem:
I have a domain name (www.xyz.com) registered with 1&1.
I want users to be able to type this in and be shown my website. A Heroku web app.
I want the domain name (www.xyz.com) to be displayed. Not any subdomain url or the heroku app URL.
I do not want the set-up do be anything that will have a detrimental impact on SEO.
Note: I have just got off the phone with 1&1 and they have said that my only options are to do a frame redirect or a http forward. Neither of these meet the above requirements.
Additionally, other posts have suggested finding out what the Heroku IP address is and using this but Heroku recommend against this as they might change it without notice.
Please could I ask that any one kind enough to respond spells things out a little. Anyone having problems with redirects is likely to be new to this.
Thanks.
I've never used the 1&1 services, but solving your problem is pretty straightforward.
Take the following steps:
Add your domain to Heroku: heroku domains:add www.xyz.com . If you have more than one app in your Heroku account, remember to pass the --app flag
Now you should have something like myherokuapp.herokuapp.com where myherokuapp is the name of your app on heroku
Go to 1&1 and create a CNAME record pointing to myherokuapp.herokuapp.com
I found this video to be helpful - https://www.youtube.com/watch?v=ZLVBBAnrrL4
Basically, as noted by @Kevin Lawrence above, you use the 'www' subdomain.
I've never used 1&1 but my DNS provider (dreamhost) does not allow CNAMEs on the main domain name either. It does however allow me to create a CNAME for the www subdomain which was good enough in my case.
I did this:
heroku domains:add www.mydomain.com
create a CNAME record pointing to mydomain.herokuapp.com
Have mydomain.com redirect to www.mydomain.com
It's not exactly what I wanted (or what you want) but it works.
What worked for me was to use Namecheap.com's FreeDNS service that provides free automatic redirect for your TLD and subdomains directly to Heroku, while keeping your domain visible:
example.com and www.example.com now point to exampleapp.herokuapp.com
I had to have a live chat with Namecheap's support to complete the domain verification process, but they answered really fast! Love to namecheap, 1and1 is really crappy, moving my domains away soon. :)
I got this to work properly! No need for CNAME at all. Create an A record in Heroku like in this link - creating a custom room domain - provided by Heroku (of course, change example.com to your root domain):
heroku domains:add example.com
Here, example.com is the ROOT domain. Once you get an A record, execute the following command
heroku domains:wait example.com
Now verify your domain has been provisioned:
heroku domains -a [your custom heroku app name]
And you get this:
=== [your custom app name] Custom Domains
Domain Name   DNS Record Type   DNS Target
example.com   ALIAS or ANAME    elliptical-blueberry-1euo3460fyrtc8zdgulv0f7o.herokudns.com
Next, get the IPv4 IP address of elliptical-blueberry-1euo3460fyrtc8zdgulv0f7o.herokudns.com I got it by using a lookup service.
Updating 1 and 1
Go to 1and1.
Click the DNS tab for your custom domain e.g. example.com
Delete the existing A record
Create a new A record and enter the @ symbol if it asks you (or else I think it is the default), AND enter the IPv4 address
For testing this out, make the TTL 1 min until it's stable
Give it time to propagate. Could be a few minutes to 24 hours.
While I've done this on my VPS, I've never done this for a heroku application, and now I have to do it for a fairly large company so I really want a simple list of bullet-points in how to do this.
I've read these instructions, and I'm still a little bit unclear on what exactly they mean. Again, if I had more time I'd buy some rubbishy domain and test it myself, but I don't have time on my side and need to get this right first time!
Thankfully, no SSL is required at this time.
Here's what I can gather I need to do to point the url www.foobaryfoobs.com at my application, running at warm-chamber-1882.herokuapp.com. Please correct me:
1) I add www.foobaryfoobs.com to the local repository containing the application.
I presume I do this by navigating to the repository on my local machine and running:
$ heroku domains:add www.foobaryfoobs.com
How does this work? Does it update some configuration file somewhere that I need to add to the repository and then push up to heroku?
Are there any caveats or best practices here? What other domains should I add? heroku domains:add *.foobaryfoobs.com, for example?
Heroku advises we use the above wildcard domain here. Why?
2) Log into the registrar that created www.foobaryfoobs.com and navigate to its control panel.
3) Update the domain's CNAME record to point at warm-chamber-1882.herokuapp.com
Am I done for the most part? Now do I just wait?
Is there no IP related stuff?
The domain has several dozen emails attached to it. As long as I don't touch the MX record, I should be fine?
What's a root domain? Why should I add it?
Why should I care that:
Some DNS hosts provide a way to get CNAME-like functionality at the
zone apex using a custom record type.
4) Update the domain's FORWARD / URL record so that foobaryfoobs.com points to www.foobaryfoobs.com
For a nooby, please explain why this is necessary.
3 Conclusive Questions:
1) Is this how it should be set up?:
The app:
warm-chamber-1882.herokuapp.com
Should have the following configurations (saved in some weird config file that I wouldn't mind knowing more about):
domains:
www.foobaryfoobs.com
*.foobaryfoobs.com
The domain:
www.foobaryfoobs.com
Should have the following records:
CNAME: warm-chamber-1882.herokuapp.com
URL / FORWARD: foobaryfoobs.com target: www.foobaryfoobs.com
MX: *as long as I don't touch them the emails will still work*
2) Am I covered against:
It’s important to make sure your DNS configuration agrees with the
custom domains you’ve added to Heroku. In particular, if you have
configured your DNS for *.example.com to point to
example.herokuapp.com, be sure you also run heroku domains:add
*.example.com. Otherwise, a malicious person could add baddomain.example.com to their Heroku app and receive traffic intended
for your application.
3) How should I adjust the steps for a site that has an SSL backend section?
A.
$ heroku domains:add www.foobaryfoobs.com
How does this work? Does it update some configuration file somewhere that I need to add to the repository and then push up to heroku?
I don't know exactly how it works internally, but this command is the equivalent of adding ServerName in an Apache config file. Without it, when a request comes to www.foobaryfoobs.com it will be forwarded to Heroku because of DNS, but Heroku fails to determine your app. You will see the below image.
That's why they need your domain, so they know which apps belong to which domains. They also need it for domain precedence purposes. No changes are required in your code as long as you are okay with allowing your users to access the Heroku subdomain, i.e. warm-chamber-1882.herokuapp.com. If you don't want users to access the Heroku subdomain, you have to send a 301 HTTP status so they will be redirected to your actual domain, i.e. www.foobaryfoobs.com. For this you have to add this in your application controller:
    before_action :forward_to_domain_if_heroku_subdomain

    private

    def forward_to_domain_if_heroku_subdomain
      if request.host == 'warm-chamber-1882.herokuapp.com'
        redirect_to "http://www.foobaryfoobs.com", status: 301
      end
    end
Are there any caveats or best practices here? What other domains should I add? heroku domains:add *.foobaryfoobs.com, for example?
If you ONLY want to use www.foobaryfoobs.com as your domain, this command suffices, i.e.
heroku domains:add www.foobaryfoobs.com
If you want to assign the naked domain foobaryfoobs.com then you ALSO have to run
heroku domains:add foobaryfoobs.com
If your application uses subdomains like subdomain.foobaryfoobs.com then you also have to run
heroku domains:add foobaryfoobs.com
2) Log into the registrar that created www.foobaryfoobs.com and navigate to its control panel.
To be precise, you have to use the DNS management tool.
3) Update the domain's CNAME record to point at warm-chamber-1882.herokuapp.com
Yes.
Am I done for the most part? Now do I just wait?
Yes, but there are also other things.
Is there no IP related stuff?
Yes, there is no ip related stuff.
The domain has several dozen emails attached to it. As long as I don't touch the MX record, I should be fine?
Yes.
What's a root domain? Why should I add it?
if you want to accept requests from user at warm-chamber-1882.herokuapp.com (not www. warm-chamber-1882.herokuapp.com) then you have to add it.
Why should I care that:
Some DNS hosts provide a way to get CNAME-like functionality at the zone apex using a custom record type.
Yes. They are talking about ALIAS or ANAME types of records (DNSimple provides it). You have to care about it because with that custom record type it is easy to add the record. They are like predefined templates, e.g. ALIAS is a template of an A record.
4) Update the domain's FORWARD / URL record so that foobaryfoobs.com points to www.foobaryfoobs.com
For a nooby, please explain why this is necessary.
It is necessary because www.foobaryfoobs.com and foobaryfoobs.com are different in the same way that images.google.com and news.google differ. www is nothing special; it is just a subdomain. If you don't do this, users can't use your site from foobaryfoobs.com but can access www.foobaryfoobs.com.
B.
1) Is this how it should be set up?
Yes, it is correct. But if you want to allow foobaryfoobs.com and www.foobaryfoobs.com, you have to do something like the table below. You don't require the *.foobaryfoobs.com record if your app doesn't use any subdomain except www. It is actually bad practice to add *.foobaryfoobs.com.
Type | Name | Content
---------------------------------------
ALIAS | foobaryfoobs.com | yoursite.herokuapp.com
CNAME | www.foobaryfoobs.com | yoursite.herokuapp.com
It’s important to make sure your DNS configuration agrees with the custom domains you’ve added to Heroku. In particular, if you have configured your DNS for *.example.com to point to example.herokuapp.com, be sure you also run heroku domains:add *.example.com. Otherwise, a malicious person could add baddomain.example.com to their Heroku app and receive traffic intended for your application.
Yes. Moreover, you don't have to worry about this. If the malicious user can set a subdomain on your domain then he is capable of much destruction :P. Actually, a malicious user can't access your DNS management tool, so you're safe.
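The Heroku warning quoted in the question (every DNS name that points at Heroku, wildcards included, must also be added to the app with heroku domains:add) can be checked mechanically. The following is an added example, not part of the original posts or of Heroku's tooling: the zone records and claimed-domain lists are constructed sample data, the function names are hypothetical, and the rule that a claimed *.example.com covers exactly one label below example.com is an assumption of the example.

```ruby
# Added example: find DNS names aimed at Heroku that the app has not claimed.
# Function names are hypothetical; all data below is constructed.

HEROKU_SUFFIXES = %w[.herokuapp.com .herokudns.com .herokussl.com].freeze
ALIAS_TYPES = %w[CNAME ALIAS ANAME].freeze

# Lower-case and drop the trailing dot so zone-file and CLI spellings compare equal.
def normalize(name)
  name.to_s.strip.downcase.chomp('.')
end

# True for CNAME/ALIAS/ANAME records whose target is a Heroku hostname.
def heroku_target?(record)
  return false unless ALIAS_TYPES.include?(record[:type].to_s.upcase)

  target = normalize(record[:target])
  HEROKU_SUFFIXES.any? { |suffix| target.end_with?(suffix) }
end

# A DNS name is covered when the app claims it exactly, or (assumption of this
# example) when the app claims a wildcard one label above it. A wildcard DNS
# record is only covered by the identical wildcard claim.
def covered?(dns_name, claimed)
  return true if claimed.include?(dns_name)
  return false if dns_name.start_with?('*.')

  parent = dns_name.split('.', 2)[1]
  !parent.nil? && claimed.include?("*.#{parent}")
end

# records: array of {name:, type:, target:}; claimed_domains: names as listed
# by `heroku domains` for the app. Returns the DNS names left unclaimed.
def unclaimed_heroku_names(records, claimed_domains)
  claimed = claimed_domains.map { |d| normalize(d) }
  records.select { |r| heroku_target?(r) }
         .map { |r| normalize(r[:name]) }
         .uniq
         .reject { |name| covered?(name, claimed) }
end

# Constructed sample zone: a wildcard and two hosts point at the app.
SAMPLE_ZONE = [
  { name: 'www.example.com',  type: 'CNAME', target: 'example.herokuapp.com.' },
  { name: '*.example.com',    type: 'CNAME', target: 'example.herokuapp.com.' },
  { name: 'example.com',      type: 'ALIAS', target: 'example.herokuapp.com' },
  { name: 'shop.example.com', type: 'CNAME', target: 'example.herokuapp.com' },
  { name: 'example.com',      type: 'MX',    target: 'mail.example.net' }
].freeze

if __FILE__ == $PROGRAM_NAME
  claimed = %w[www.example.com example.com] # constructed `heroku domains` list
  gaps = unclaimed_heroku_names(SAMPLE_ZONE, claimed)
  if gaps.empty?
    puts 'DNS and Heroku domain claims agree'
  else
    gaps.each { |name| puts "points at Heroku but is not claimed on the app: #{name}" }
  end
end
```

Feed it the record list exported from the DNS provider and the names printed by `heroku domains`; any name it returns should either be added to the app or removed from DNS.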
In your registrar's host records you want to set the @ to redirect to www.foobaryfoobs.com and the www record to the CNAME of warm-chamber-1882.herokuapp.com. This is because Heroku may change the IP address associated with that hostname, and if you have the IP in your registrar you would also have to update it. Using a CNAME ties that URL to the IP, so when Heroku updates the IP your site is still up. As long as you don't touch your MX records your email will be fine.
To protect against the *.foobaryfoobs.com issues they warn about, you can also set up a host record for exactly that and make it a CNAME as well, pointing at warm-chamber-1882.herokuapp.com.
As far as setting up the SSL you can look at this article, that should get you setup.
I can answer only some of this:
1) a) It updates some config stored on heroku's end related to your app. You can see that if you login to the heroku site and look at the config for your app.
b) dunno
c) this will let people type both "http://www.foobaryfoobs.com" and "http://foobaryfoobs.com" and for both of them to go to your app.
You can also do this with an A/AAAA record.. in my opinion the better way.
Check out my answer in this thread
Heroku EU region how to setup custom domain name?
I have a domain from gandi.net, I'm trying to make it point to my heroku app. I followed several tutorials and steps, I almost did it but I'm getting this Access to bamboo HTTP endpoint denied
This is my zone file:
@ 10800 IN A 174.129.212.2
@ 10800 IN A 75.101.145.87
@ 10800 IN A 75.101.163.44
www 10800 IN CNAME myapp.herokuapp.com
And I already added the domains using heroku CLI. myapp.com and also www.myapp.com
Any idea?
Gandi does NOT support ALIAS/ANAME. How to point both www subdomain and bare domain at your Herokuapp
@ 10800 IN A 217.70.184.38 #this is Gandi's IP address
www 10800 IN CNAME your-app.herokuapp.com.
A web forwarding setup (301 permanent redirect from bare domain to www.projectborrow.com). For Gandi, web forwarding is not adjusted in the zone files; it's a separate page that you access from the domain page in the box on the upper right (where you do email).
You need to get rid of the A records because Heroku no longer supports them. www.yourdomain.com should still work with that config though.
If you want to point the naked domain at your app on Heroku then you'll need to create an ALIAS record and I'm not sure if Gandi supports these.
To do it right, you would need an ALIAS record for the apex of your domain.
Gandi does not support ALIAS records yet, but you can vote for them to implement them here.
I have my domain name example.com from domain registrar BigRock, which also provides me the DNS management panel.
My application is hosted at Heroku at example.herokuapp.com.
Domain Settings at Heroku:
bash-3.2$ heroku domains
=== MyApp Domain Names
*.example.com
example.herokuapp.com
example.com
www.example.com
In my DNS Management panel, I have 0 A records, 1 MX records for Hotmail and 1 CNAME record for www.example.com.
I know about the problem with Naked domains and A-records with Heroku.
I have gone through these:
1. StackOverflow ques - How to setup DNS for an apex domain (no www) pointing to a Heroku app?
2. Heroku DevCenter - Custom domains - set up root domain
3. Heroku DevCenter - Apex Domains
The above links and many others point towards 2 solutions:
Using ALIAS or ANAME records by DNSimple/ DNS Made Easy
If your DNS provider does not support such a record-type, and you are unable to switch to one that does, you will need to use subdomain redirection to send root domain requests to your app on Heroku.
Since I couldn't find such records in the BigRock DNS Management Console (there were only these records: "A, AAAA, MX, CNAME, TXT, SRV and SOA"), I have accordingly set up "Domain Forwarding" for my domain. But it only gave me the option to provide a "Designation URL where you wish to forward requests for www.example.com and example.com".
Now, If I do
bash-3.2$ host example.com
example.com has address 173.194.16.11
example.com mail is handled by 15 888379351a9a.pamx1.hotmail.com.
and
bash-3.2$ host www.example.com
www.example.com is an alias for example.herokuapp.com.
This does solve the naked domain problem. But other subdomains like xyz.example.com are still not redirected to www.example.com, because there is no mention to redirect all subdomains, i.e. "*", to any other designation in the "Domain Forwarding" section on BigRock DNS provider.
So, my question is how can I solve this problem of redirecting sub-domains?
Another Query Related to SSL -
Here in the Heroku Devcenter - subdomain redirection, it says that
"However, be aware that, using this method, a secure request to the root domain, e.g., https://example.com, will result in an error or warning being displayed to the user."
Is there any way of fixing the above issue, or do I have to switch to DNSimple or DNS Made Easy to use the ALIAS or ANAME records services they provide?
UPDATE:
On further digging, I found this SO ques - Rails Manually redirecting from Naked Domain, which suggests using:
Rack_rewrite
Refraction gem
Is this a better way?
Once you setup a domain forward in BigRock DNS panel, you will see two A records like example.com => 173.193.106.11 and www.example.com => 173.193.106.11. The same way if you create wildcard dns A record, it will redirect for all the domains. i.e *.example.com => 173.193.106.11
I am not sure if the IP is same in your case because Bigrock might be using multiple servers to offer this service.
Linode do not offer naked domain ANAME records either. A solution I have found is to add a www.site.com CNAME record for the Heroku app as normal. Then point the naked domain/catch-all A record to the following IP address:
174.129.25.170
This is a free naked domain redirect service offered by wwizer. It will take your naked domain, and simply redirect it to a www. equivalent:
site.com => www.site.com
Hope this helps.
Try adding your domain name with www in the 'Destination' of Domain Forwarding Panel.
Later, remove the A record for www. Hence, there will only be 2 A records
i.e for naked domain and wildcard (*)
Then add a CNAME record for www pointing to the HerokuApp value.
Do let us know if you are facing any issues.
You have to do Domain Forwarding of your site from the naked domain to the www subdomain. This feature is available next to the Manage DNS feature. Once the dialog opens, just enter your www subdomain (www.example.com). After 6 to 8 hours (sometimes it takes 1 day), it will automatically add an A record for your naked domain (example.com) pointing to IP 173.193.106.14.
For e.g. kanhaiyakumawat.com and kanhaiyakumawat.herokuapp.com
Here are the steps
Add records in your heroku account for
www.kanhaiyakumawat.com to kanhaiyakumawat.herokuapp.com
kanhaiyakumawat.com to kanhaiyakumawat.herokuapp.com
*.kanhaiyakumawat.com to kanhaiyakumawat.herokuapp.com
So now the Heroku-side setup is done. Let's move to the BigRock 'DNS Management' section. Click 'Manage DNS'.
Add CNAME Records
www.kanhaiyakumawat.com to kanhaiyakumawat.herokuapp.com
*.kanhaiyakumawat.com to kanhaiyakumawat.herokuapp.com
MOST IMPORTANT: Setting up the naked domain or root domain
Now this is the trickiest part. Just leave the 'hostname' text box empty and select the 2nd radio button in Values.
Put here your Heroku DNS value, e.g. kanhaiyakumawat.herokuapp.com
Same steps are available here:
http://kanhaiyakumawat.com/blog/heroku-and-bigrock-dns-setup/