I purchased a domain (say, example.com) from Google and my Django application (say, mysite.herokuapp.com) runs on Heroku. The CNAME is set on Google to forward the http requests to the Django applicaiton on Heroku. Forwarding requests from http://mysite.example.com to mysite.herokuapp.com works just fine.
Recently, I need to introduce progressive-web-application to my application and it requires the https protocol, instead of http, that is, the URL now has to be https://mysite.example.com and it doesn't work for Google domains. I tried https://mysite.herokuapp.com and it works fine, which means Heroku already supports https. However, I tried (and also googled) for a long time without finding a solution.
So how do I set the Google domain to use https protocol?
The DNS answer from Google cannot contain the port or protocol (http vs. https), it just contains the hostname.
You need to add a redirect from http to https in the Heroku django app, see e.g. here for more instructions.
It's not Google you need to change, it's your Django configuration.
Set SECURE_SSL_REDIRECT to True, and enable the SecurityMiddleware in your app, and any requests should automatically be redirected from HTTP to HTTPS.
When switching to HTTPS you need to add certs to heroku and that process updates the host from "mysite.heroku.com" to something like "tokyo-2121.herokussl.com". You will need to update your DNS to serve HTTPS pages from the new SSL compliant heroku instance for both HTTP and HTTPS.
Here is a tutorial that outlines the process with Godaddy, it should be very similar or all DNS providers.
http://www.joshwright.com/tips/setup-a-godaddy-ssl-certificate-on-heroku
Just got a solution from one of Heroku's engineers:
1) Upgrade the Heroku app to a paid one (e.g., Hobby)
2) On the DNS provider's settings, set the DNS target to <app_name>.<domain>.herokudns.com (e.g., "mysite.example.com.herokudns.com")
3) Run $ heroku certs:auto:refresh -a <app_name> (e.g., $ heroku certs:auto:refresh -a mysite)
I'm not sure if this is the same problem that you ran into, but when forwarding from https://example.com to my wix subdomain https://learn.example.com, I got a "No resource with given identifier found" error in the browser. Forwarding from http://example.com to https://learn.example.com was working just fine.
I had to open Google Domains' advanced forwarding options for my forwarding rule and enable SSL forwarding, like so:
I'm trying t use Ngrok to create a local tunnel to an SSL Virtual host I have on my local machine, but can't seem to get it to work.
My Vhost works perfectly. The site is https://local.mysite.com
Any of the command I try to use to predefine the pointing url on Ngrok, e.g.
./ngrok http -host-header=rewrite local.mysite.com:443
or
./ngrok http -subdomain=local.mysite.com local.mysite.com:443
always seems to return:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
I get that this is happening because I am trying to access a HTTPS connection via a HTTP call but I can't see alternatives in the ngrok docs.
https://ngrok.com/docs#expose
You need to use tls which is only available in the pro subscription.
If you use Vagrant, you can use the share function which is free and support https.
I am using a raspberry pi for my project and also I have setup my pi as a wifi access point.
I am trying to create a landing page to which all the http and https requests must be redirected when a user is connected to pi's wifi access point.
I am using dnsmasq right now for redirection,with which the http redirection is working perfectly.
But I am not able to figure out how to redirect https requests with dnsmasq.
I used the "address=/#/192.168.137.45" option to enable http redirection.
Can I use the same for https or if not possible help me with some other possibilities.
How about using iptables? Is it a part of dnsmasq or different from it?
In order to inspect HTTPS, you need install for example SQUID and enable SSL Inspection.
I have a script which has https capability and also http with proxy capability. How can I use it to access a site on https through Tor as a proxy?
I tried using Delegate as described here:
https://superuser.com/questions/423563/convert-http-requests-to-socks5
But that only works for http sites not for https. Is there a way to access https sites as well?
It is a Lua script running using a Sockets library and OpenSSL library.
Thanks
I followed the example in the following SO question to successfully set up an Apache forwarding proxy: Setting up an Apache Proxy with Authentication
It works well, except that when accessing sites via https, it says it cannot find the site. For example, Chrome gives
Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.
And on the server, I do not even see something in the access logs. For my proxy settings, I have configured the same for http and https (i.e. port 80 on my proxy server).
Do you perhaps have an example of how to set up a forward proxy with Apache for https?
It seems the only thing I was missing is that I had not enabled mod_proxy_connect which was achieved with
sudo a2enmod proxy_connect
To quote the mod_proxy_connect documentation page:
This module requires the service of mod_proxy. It provides support for
the CONNECT HTTP method. This method is mainly used to tunnel SSL
requests through proxy servers.
Are you attempting to terminate the SSL or just trying to create a forward proxy without handling any SSL certs? The issue that you are having is because during HTTPS proxying, the browser attempts to create an HTTP tunnel and it seems that your server is not correctly configured to handle tunneling. You can see another example here: Implementing a Simple HTTPS Proxy Application.
Here is another helpful thread on proxying HTTPS traffic with HTTP tunneling: Tunnel over HTTPS.
If you can choose something else other than Apache, I would suggest you use a robust forward proxy such as Squid or TrafficServer that are built to handle this type of setup.