I deployed an app on Heroku and set up automatic SSL configuration. According to my Heroku, my app can be accessed via https. If I use that URL, the connection is indeed secure.
I added a Synthetic Recored in my google domain to point to this url. I also added a Custom Resource Record where the Name is www, Type is CNAME, and Data is my DNS Target for the app.
I can only connect securely when I use https://www.osrshub.com. If I use www.osrshub.com or osrshub.com, it is not secure. What am I doing wrong?
The comment from user2864740 is correct. I needed to update my front end to redirect to https.
Force SSL/HTTPS with mod_rewrite
Related
Using Google Domains, I've set up a synthetic record to redirect foo.com -> www.foo.com. Just like in this example:
https://support.google.com/domains/answer/6346300?hl=en
However, it doesn't seem to work with https://foo.com.
How do I configure it so that the subdomain forward works with https as well?
To give it more context, I'm mapping my custom domain to a heroku app, so I've set up a CNAME record for www.foo.com, and would like https://foo.com to be mapped to https://www.foo.com
Before providing any input please confirm if you are using any pointing service?
If http://foo.com is working whereas https://foo.com is not then you may need any service like pointDNS or cloudflare.
I have a domain example.com in AWS and have got one load balancer and one ec2 instance. Trying to setup https with certificate from AWS.
Route53 setup and A record setup is done as follows for domain to load balancer.
domain name - *.example.com
Name:-
example.com.
Type:-
- Ip4
Alias Target :- dns name of load balancer.
My web is a spring based web and it redirect user to landing page if user access www.example.com --->>> www.example.com/landing.
After all the setup, if i access like the below url, it is working fine.
https://www.example.com/landing
But if i access without www,
https://example.com/landing --> It leads to browser security page.(Your connection is not private
Attackers might be trying to steal your information from ...)
Our certificate is based on the domain name *.example.com.
If I simply access, https://example.com/ ---> It gets redirected to http://example.com/landing -- > Spring app redirects like this with http.
http://www.test.com/landing leads to certificate trust error. (https://example.com/landing).
Getting site can not be reached error if i simply access, http://www.example.com/
I am looking for URL redirection to https if user access using http or without www or without any scheme. Not sure if i have to configure anything in Route53.
Also, Do i need to configure in my app to redirect to https?
Your current certificate should not work for the root, i.e. https://test.com
Either purchase an alternate name for https://test.com or use only www.test.com as your website. You do not need to change anything in Route53 for now. You probably do need to add redirection in your webserver/app to use HTTPS-only, unless you want to leave it to the users.
I have been using openshift for quite some time. Since letsencrypt is in beta, I thought I gave it a try.
My current setup:
www.digrin.com is an alias to my openshift url - digrin-digrincom.rhcloud.com
digrin.com A tag points to wwwizer redirect service 174.129.25.170.
I have uploaded ssl certificates to openshift. It works fine on domain www.digrin.com. However since naked domain digrin.com points to wwwizer.com, it does not use https. I believe it is a problem. I want both domains (naked as well as www variant) to use https. Is it possible? I know wwwizer has some premium plan where it might be possible, but I would like a free version if possible.
If you don't know, I can not set cname for naked domain, so I had to use A tag to wwwizer, because openshift might change IP address.
Useful link:
How to use naked GoDaddy domain with OpenShift hosting?
If you are looking for a free (1 domain) service that redirects naked domains with valid SSL certificates. I moved from wwwizer to nakedssl to redirect to an Opensift server and it works fine.
Well first of all I had to generate ssl certificate for naked domain - digrin.com. I set temporarily A tag for digrin.com to openshift's ip and generated ssl certificate.
Now we have working certificate, but since A tag for digrin can not be set permanently, domain registrant must support naked domain redirect. More on this you can read here -> if you registrant does not support it, move to cloudfront (I will test cloudfront if my registrant will not add this feature within few months and will update this answer).
We're using DNS simple to point our domain to our SSL-enabled Heroku app. The behavior we're seeking is as follows:
http://ourdomain.com
https://ourdomain.com
http://www.ourdomain.com
Should all permanently redirect to:
https://www.ourdomain.com
We've already created a CNAME for www.ourdomain.com that points to our app's .herokussl.com domain, but we're not sure what to do with the naked domains. In GoDaddy, we used to do non-masked forwarding. DNSimple doesn't have forwarding, but does have special entries called ALIAS and URL, though we're not sure what to use.
To configure a redirect you should use an URL record as described in our redirect documentation.
However, it's not possible to redirect an HTTPS URL because of the priority between SSL negotiation and HTTP headers. In this case, because you also want https://ourdomain.com to redirect to https://www.ourdomain.com, then you need to create an ALIAS for ourdomain.com to your Heroku SSL endpoint and handle the redirect in your app.
I'm building a Sinatra app which needs to use a session variable for one very specific thing. The session variable is set when the user is looking at an SSL enabled page.
I'm using Heroku's piggyback SSL, so the SSL url is something like https://myapp.heroku.com
However, the app itself is hosted at my url, myapp.com
Is there a way to make my session variable, which is set while on the ssl / heroku domain name, available to my app while while on my domain name?
Unfortunately no, since the cookie is tied to the domain. What you'll have to do is either allow authenticated users to use the https://foo.heroku.com domain, and reserve your nice domain for the landing page & other unauthenticated pages.
That, or pay $20 for heroku's SSL add-on.
(I ran into this exact problem in http://appkickstand.com and I chose to just deal with the heroku url for logged in users)
You should look for cross-domain cookies manuals, check this.
But i don't see many reason in setting cookie through secured channel and transmitting it later via raw HTTP, where everyone could sniff it.