Custom domain which heroku forwarded to in not secure node.js - heroku

What steps do I need to take to move my normal node.js application into a state where it is secure on my custom domain? When I visit my heroku application example.herokuapp.com, the connection is secure across https://.
When I forward that heroku domain to my own site however www.example.com, it shows a warning that the connection is not secure.
Are there any articles online that have answered this question? I cannot seem to find any information on what steps to take. Thanks all

The steps for setting up custom domain SSL with your Heroku app are as follows:
1- Add your SSL add-on:
$ heroku addons:add ssl
2- Add the certificate to your app
Using the certificate you generated in the previous step, upload it to Heroku:
$ heroku certs:add server.crt server.key
3- Configure DNS
Add a CNAME record in the DNS configuration that points from the domain name that will host secure traffic e.g. www.yourdomain.com to the SSL endpoint hostname, e.g. example.herokussl.com. Consult your DNS provider for instructions on how to do this. The target should be the fully qualified domain name for the SSL endpoint associated with the domain.
You will find further information in Heroku Dev Center:
https://devcenter.heroku.com/articles/ssl-endpoint

Assuming you have the hobby or professional account, run the following command to get the automated certificate management (ACM) to work:
heroku certs:auto:enable -a <app name>
https://devcenter.heroku.com/articles/automated-certificate-management

Use Expedited CDN add-on and you can force for https for free.
First you need to be in at least hobby plan.
Need to add automated Automated Certificate Management (ACM) and your custom domain/s.
You can add Expedited CDN from resources tab of your project and its free.
Then visit Expedited CDN and configure DNS as mentioned there its easy and hassle free just follow the steps, trust me it will work.
I have provided some screenshots only for reference.
It has lot of additional features you might be looking.

Related

How to point a domain at Siteground to an app hosted by Heroku?

A while back I purchased a domain through siteground. I have a build a react app that I just deployed at Heroku and want to point the domain located at siteground to the app. However I'm having some issues with it. I need to add it to the cname record but I have no idea how. I have tried it now by making a cname record for [www].example.nl with resolves to erwer1234adadad.herokudns .com which is the (*.example.nl) however it's still not working (gyazo.com/c321dd078fa34343a696074c4c4fa884)
I contacted the siteground support but they think I speak french.
In my opinion site ground doesn't support naked/root domain pointing so I would suggest to use any service like cloudflare or dns simple , if you don't want to use external service you can go ahead with point dns a heroku addon.
Please follow the below-mentioned steps to configure pointDNS
1.Go to APP -> settings-> under domain section add below domains
domainname.com
www.domainname.com.
2. Go to resources-> add PointDNS addon,
Verify by clicking on pointDNS
3. Copy all NS records from dataplug to pointDNS
4. Update NS issued by pointDNS (dns8.pointhq.com,dns12.pointhq.com) in siteground

error on web browser 'Website not secure'

I have a application hosted when I visit the site www.mysite.co.uk
Im getting Website Not Secure. Obviously this doesnot look good if users are accessing the site. How Can I fix this?
My application is hosted on heroku
I have added my domain to heroku:
Domain -> www.mysite.co.uk
DNS -> www.mysite.co.uk.herokudns.com
ACM Staus:OK
Heroku also gives me info that "Your app can be found
at https://www.mysite.co.uk"
And heroku manages the SSL certificate automatically.
The domain however is managed by gandhi.net
And I have configured the DNS to:
www CNAME 10800 www.mysite.co.uk.herokudns.com.
That is the responsibility of the one who offers the domain, because they are the ones who have the servers, in the browsers it appears that it is not safe because they do not have the necessary security certificates to be considered a "secure site".
If the hosting provider tells you that you have to install it, you should ask them how to do it

Blocked requests by default to https self signed backend

On my staging server I am connecting to self-signed https api backend. And by default requests can't be made, because browser treat backend as danger.
I have to open backend url in browser
https://my-api-backend.elasticbeanstalk.com
my-api-backend.elasticbeanstalk.com:8443 uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is not valid for the name my-api-backend.elasticbeanstalk.com. Error code: SEC_ERROR_UNKNOWN_ISSUER
After manually confirm that is secure it works. It is fine for me to do this, but not for managers etc. Another thing I was thinking about blocking backend access from outside and allow access only from frontend.
Is there any solution to this problem other than buying domain a sign it properly?
If it is a staging environment it should reflect a production environment so you should use a real domain signed correctly.
Certificates are free through AWS ACM or LetsEncrypt.
Why not use a sub domain like staging.domain.com, it would be free as well. Otherwise domains are cheap and it shouldn't be worth the hassle.

Deploying a Phoenix app to Heroku using CloudFlare

I started developing my personal blog (and a basic CMS) using Phoenix.
I successfully deployed it to Heroku following the Documentation/Guides, it's live.
Now I added my custom domain "jonathansoifer.com" to the Heroku App but everytime I access it, the URL on the browser switches from that custom domain to the "Heroku app URL" (jonathansoifer.herokuapp.com).
Am I missing something?
It might be useful to know that the DNS is being managed by CloudFlare, using CNAME flattening as recommended by CloudFlare itself.
CNAME • jonathansoifer.com • jonathansoifer.com.herokudns.com
Sure enough, the issue was within config/prod.exs.
I had hard coded the Heroku URL there in order to take advantage of Heroku's free SSL when using their subdomains.

Connection is not private using Google Domains and Heroku

I have a domain that I purchased from Google and a heroku app that I'm trying to send it to.
I've done the steps in this article: https://www.justinvrooman.com/articles/how-to-use-heroku-with-google-domains
and yet when I try to access the site I get a
Your connection is not private
Attackers might be trying to steal your information from www.***.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
What am I doing wrong with my set up or why am I getting this message?
It looks like you've enabled SSL in your Rails app but your site doesn't have an SSL certificate configured. To disable SSL, set the following to "false" in your 'config/environments/production.rb' file.
config.force_ssl = false
In addition, in the same file, don't forget to set your "host" equal to your custom domain.
host = 'www.yourdomain.com'
If you want to run SSL on a custom domain (e.g. www.example.com) you'll need to purchase and configure an SSL certificate for your domain.
If, however, you are fine using Heroku's domain (e.g. example.herokuapp.com), then you can piggyback on Heroku's SSL certificate.
More info on running SSL on a custom domain through Heroku: https://devcenter.heroku.com/articles/ssl-endpoint

Resources