Using Cloudflare to get SSL on a custom domain hosted on GitHub - https

I was pointing a custom domain to my username.github.io account, by using A records in Domain Registrar (Route 53) and a CNAME in my master branch that said custom_domain.me. I want to move to https.
I created an account on cloudflare, changed the NS records on Route 53 to point to cloudflare, and changed the CNAME record in my master branch to https://custom_domain.me.
I want to access https://custom_domain.me, but I cannot. I have waited only one hour so far. Am I missing something or should I just wait?

In order to use CloudFlare on a Free/Pro account, you will need to move your DNS to CloudFlare, not just simply add NS records to Route53.
Route53 commonly provides simply DNS services; you have an interesting use case as you're also using their domain name registration service.
If your domain is registered with Route53 and also using Route53 for DNS, you will need to change this so CloudFlare does your DNS by changing the nameservers.
Once with CloudFlare, your DNS will be entirely managed by CloudFlare. Run through the CloudFlare set-up, verify your DNS records and you'll be presented with 2 new CloudFlare nameservers to use.
In order to configure this, please set the nameservers in Route53 to the ones in CloudFlare: http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-name-servers-glue-records.html

Related

Transfer DNS management to Route53 while keeping subdomain pointing to a different server

I need to transfer DNS management to AWS Route53 so I can host multiple Wordpress sites with different domains on a Lightsail instance using Plesk Obsidian. I've already set up one domain and its website. The next domain I need to setup for a Wordpress site that'll run on the Lightsail instance has an existing subdomain that's used for an app running on an EC2 instance. That EC2 instance's URL doesn't use a Route53 zone, i.e., it just has an A record that associates the subdomain to the EC2's static IP address.
My question is whether I need to create a Route53 zone for the subdomain after I move DNS record management to Route53, or is just keeping the A record for the subdomain in the Route53 DNS records sufficient without creating a separate Route53 zone?
Hopefully my question/concern makes sense. My concern stems from whether Route53 behaves like any other DNS manager or if it has peculiarities I need to be aware of for what I want to do.
I figured I'd just have to learn by trial and error since no one answered.
I created the A record on Route53 to point to the subdomain and switched to AWS nameservers ... and voila, it worked without having to add the subdomain as a Route 53 zone. My security certificate even resumed working on the subdomain after a 10 minute period in which it couldn't find the CNAME record of the certificate issuer.
So long story short, Route53 works just fine for pointing to subdomains outside of the Route53 zone. One A record does the trick.

Heroku redirect from example.com to www.example.com retaining HTTPS using AWS

I have a Heroku app set up with SSL certificates, and my DNS does not allow CNAME records at the Apex level. Meaning, I cannot point my A Record at my Heroku app URL (A level records can only be IP addresses and Heroku cannot provide a static IP).
There are other methods (both here on stack and on heroku's guides) that recommend using other DNS providers, but I would like to try and solve this with AWS (Specifically Route53), while also retaining our https:// in the domain for SSL.
I found some guides on how to do this, but there seemed to be complications (headers messed up, cannot retain https etc). I will provide an answer below outlining how I achieved this, but encourage discussion on what repercussions my solution may incur.
I discovered this guide on the Heroku website:
Configuring Amazon Route 53 DNS for Your Heroku App
The outline of the solution is to create an S3 bucket as a static website host that simply redirects to your Route53 hosted zone. Here are the basic steps:
1. Create a new hosted zone on your Route 53 Management Console with your domain (example.com)
2. Create a CNAME entry for www.example.com with the value set as your heroku custom domain (www.example.com.herokudns.com)
3. Create an S3 Bucket with the same name as your domain (example.com), and set it as a static website host
4. In the settings for static website hosting set this to "Redirect Requests" and set the target as www.example.com and the protocol to https
5. Return to Route 53 and add an A Level Alias with the target as your newly created bucket
6. Finally point your DN provider's name servers at your new Route 53 hosted zone (you can get the list of name servers from the sidepanel in your management console)
And that's it! After the TTL expires on your name servers your site should be up and running on both example.com and www.example.com

Heroku SSL with Route53

My SSL certificate is all set up and ready to go on Heroku. I followed the instructions here https://devcenter.heroku.com/articles/route-53 to correctly redirect requests (e.g. example.com to www.example.com) using AWS S3. HTTPS works great when requesting https://www.example.com; however, if I attempt to request https://example.com, the page cannot be found. Any thoughts?
Using Route 53, you want to create the following DNS records:
www.example.com CNAME your_app.herokuapp.com
example.com ALIAS your_app.herokuapp.com
Your www.example.com hostname should be a CNAME record that delegates to your Heroku App hostname. Any other regular hostnames should be CNAMEs.
The example.com "Apex" or "naked domain" record must return an A record and cannot be a CNAME. Route53 implements the ALIAS record type, which looks up the values for your_app.herokuapp.com and returns a set of current A records to match.
I've just been through this myself. The easiest and cheapest way to do it is to let Heroku (minimum 7 USD box) manage the SSL (ACM).
Add a custom domain there and enable SSL and you will be presented with a DNS target like: www.yourcustomdomain.com.herokudns.com. In Route53 add a CNAME record for your www.yourcustomdomain.com with the target into www.yourcustomdomain.com.herokudns.com.
Wait to refresh the DNS internationally.
I would assume the S3 bucket for directing the naked domain into the www.domain was done previous to the above mentioned.

Custom root domain on Heroku

I have a domain, example.com, that I want to use for my rails-app that resides at example.herokuapp.com and I'm pretty confused how to go about to do this.
Heroku says
"Zone apex domains (aka "naked", "bare" or "root" domains), e.g.,
example.com, using conventional DNS A-records are not supported on
Heroku." And then they go on explaining workarounds (using ALIAS or
ANAME).
I have spent a good hour reading up on the subject (here on SO and elsewhere) but still don't get my head around this.
Are there any alternative ways or explanations on how to accomplish this for "a dummy"?
I'll take a stab at this as it's a frequent question.
Ok, so assuming you have a domain example.com and you want to use www.example.com to host your site. In traditional hosting you'd probably have a virtual server which has been assigned an IP address, in this case you would use a host record, otherwise known as an A record in DNS control panels to map www.example.com to the IP address. In this case, since you have now set www.example.com to a fixed IP address should that IP address ever change you will need to update your DNS yourself.
Also, with traditional hosting you could have example.com set to the same IP address so www.example.com and example.com would work for naked domains.
Ok, so what's a CNAME record? A CNAME record rather than mapping to an IP address maps the record to another DNS entry. So, www.example CNAME'd to example.herokuapp.com means that Heroku can and may move where example.herokuapp.com is pointing at but you don't have to update anything as you're using a CNAME record and Heroku are managing where example.herokuapp.com is pointing (which can and may be another CNAME or an IP address). The problem with CNAME records is that they CANNOT point to an IP address, which is fine for www.example.com but a problem with example.com. Heroku previously published IP addresses to be used for naked domains but problems ensued when they suffered DDOS attacks and couldn't replace those IPs with new ones as they were published IP addresses. For the new EU region, Heroku ARE NOT publishing IP addresses for use with naked domains.
What several DNS providers (DNSsimple I know is one) have done is add their own ALIAS records to their DNS servers to allow you to use CNAME's with naked domains so both www.example.com and example.com will work as now supported by Heroku. If your DNS provider does not support ALIAS records then it's worth moving the domain to a DNS provider that does support it. DNSsimple also supports redirect records so you can have www.example.com redirect to example.com at the DNS provider level and not at your application layer.
Found this:
http://blog.cloudflare.com/zone-apex-naked-domain-root-domain-cname-supp
CloudFlare provides a whole bunch of other benefits as well. I've been using them for all of my Heroku apps and I'm quite pleased to be honest.
They provide a lot of value for free from my experience with them thus far.
If you look at DNS records specification you'll find no such record as ANAME.
The best way to solve this problem is:
Make CNAME entry for www subdomain to your heroku app, and CNAME record for root domain to www subdomain.
www.domain.com. 3600 IN CNAME app.herokuapp.com.
@ 3600 IN CNAME www.domain.com.
P.S. It works, and does not make you waste money for mystic DNS records

How do I set up DNS for an apex domain (no www) pointing to a Heroku app?

I already added a custom domain to my Heroku app and it works with www.domain.com.
I need to know how to set up the domain without www to resolve to the app, too.
Here are my current DNS settings:
$TTL 86400
@ IN SOA ns1.first-ns.de. postmaster.robot.first-ns.de. (
2013041500 ; serial
14400 ; refresh
1800 ; retry
604800 ; expire
86400 ) ; minimum
@ IN NS robotns3.second-ns.com.
@ IN NS robotns2.second-ns.de.
@ IN NS ns1.first-ns.de.
@ IN A 88.198.38.XXX
localhost IN A 127.0.0.1
mail IN A 88.198.38.XXX
ftp IN CNAME www
imap IN CNAME www
loopback IN CNAME localhost
pop IN CNAME www
relay IN CNAME www
smtp IN CNAME www
www IN CNAME appname.herokuapp.com.
@ IN MX 10 mail
What are the correct settings to use so that both example.com and www.example.com would point correctly to my Heroku app?
(Note: root, base, apex domains are all the same thing. Using interchangeably for google-foo.)
Traditionally, to point your apex domain you'd use an A record pointing to your server's IP. This solution doesn't scale and isn't viable for a cloud platform like Heroku, where multiple and frequently changing backends are responsible for responding to requests.
For subdomains (like www.example.com) you can use CNAME records pointing to your-app-name.herokuapp.com. From there on, Heroku manages the dynamic A records behind your-app-name.herokuapp.com so that they're always up-to-date. Unfortunately, the DNS specification does not allow CNAME records on the zone apex (the base domain). (For example, MX records would break as the CNAME would be followed to its target first.)
Back to root domains, the simple and generic solution is to not use them at all. As a fallback measure, some DNS providers offer to setup an HTTP redirect for you. In that case, set it up so that example.com is an HTTP redirect to www.example.com.
Some DNS providers have come forward with custom solutions that allow CNAME-like behavior on the zone apex. To my knowledge, we have DNSimple's ALIAS record and DNS Made Easy's ANAME record; both behave similarly.
Using those, you could set up your records as (using zonefile notation, even though you'll probably do this on their web user interface):
@ IN ALIAS your-app-name.herokuapp.com.
www IN CNAME your-app-name.herokuapp.com.
Remember @ here is a shorthand for the root domain (example.com). Also mind you that the trailing dots are important, both in zonefiles, and some web user interfaces.
See also:
Doing DNS right with Heroku
Avoiding Naked Domains and DNS A-records
Remarks:
Amazon's Route 53 also has an ALIAS record type, but it's somewhat limited, in that it only works to point within AWS. At the moment I would not recommend using this for a Heroku setup.
Some people confuse DNS providers with domain name registrars, as there's a bit of overlap with companies offering both. Mind you that to switch your DNS over to one of the aforementioned providers, you only need to update your nameserver records with your current domain registrar. You do not need to transfer your domain registration.
To point your apex/root/naked domain at a Heroku-hosted application, you'll need to use a DNS provider who supports CNAME-like records (often referred to as ALIAS or ANAME records). Currently Heroku recommends:
ALIAS at DNSimple
ANAME at DNS Made Easy
ANAME at easyDNS
ALIAS at PointDNS
CNAME at CloudFlare
Whichever of those you choose, your record will look like the following:
Record: ALIAS or ANAME
Name: empty or @
Target: example.com.herokudns.com.
That's all you need.
However, it's not good for SEO to have both the www version and non-www version resolve. One should point to the other as the canonical URL. How you decide to do that depends on if you're using HTTPS or not. And if you're not, you probably should be as Heroku now handles SSL certificates for you automatically and for free for all applications running on paid dynos.
If you're not using HTTPS, you can just set up a 301 Redirect record with most DNS providers pointing name www to http://example.com.
If you are using HTTPS, you'll most likely need to handle the redirection at the application level. If you want to know why, check out these short and long explanations but basically since your DNS provider or other URL forwarding service doesn't have, and shouldn't have, your SSL certificate and private key, they can't respond to HTTPS requests for your domain.
To handle the redirects at the application level, you'll need to:
1. Add both your apex and www host names to the Heroku application (heroku domains:add example.com and heroku domains:add www.example.com)
2. Set up your SSL certificates
3. Point your apex domain record at Heroku using an ALIAS or ANAME record as described above
4. Add a CNAME record with name www pointing to www.example.com.herokudns.com.
5. And then in your application, 301 redirect any www requests to the non-www URL (here's an example of how to do it in Django)
6. Also in your application, you should probably redirect any HTTP requests to HTTPS (for example, in Django set SECURE_SSL_REDIRECT to True)
Check out this post from DNSimple for more.
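
The application-level redirect from the steps above, written as a WSGI middleware. This is an added example, not code from the answer or from Heroku; CANONICAL_HOST, the function and class names, and the reliance on the router's X-Forwarded-Proto header are assumptions.

```python
from urllib.parse import quote

CANONICAL_HOST = "example.com"  # apex name from the answer's example (assumed config)


def canonical_redirect(host, proto, path, query=""):
    """Return the URL to 301 to, or None when the request is already canonical."""
    hostname = host.split(":", 1)[0].lower().rstrip(".")
    if hostname == CANONICAL_HOST and proto == "https":
        return None
    # The target host is the configured constant, never the client's Host
    # header, so a forged Host cannot steer the redirect elsewhere.
    url = "https://" + CANONICAL_HOST + quote(path or "/", safe="/", encoding="latin-1")
    return url + ("?" + query if query else "")


class CanonicalHostMiddleware:
    """WSGI wrapper: www -> apex and HTTP -> HTTPS in a single 301."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # Assumption: the platform router terminates TLS and reports the
        # client's scheme in X-Forwarded-Proto; only trust it behind that router.
        proto = environ.get("HTTP_X_FORWARDED_PROTO") or environ.get("wsgi.url_scheme", "http")
        target = canonical_redirect(environ.get("HTTP_HOST", ""), proto,
                                    environ.get("PATH_INFO", "/"),
                                    environ.get("QUERY_STRING", ""))
        if target is None:
            return self.app(environ, start_response)
        start_response("301 Moved Permanently",
                       [("Location", target), ("Content-Length", "0")])
        return [b""]


def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def simulate(host, proto, path="/"):
    """Run one constructed request through the middleware; return (status, Location)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"HTTP_HOST": host, "HTTP_X_FORWARDED_PROTO": proto, "PATH_INFO": path}
    CanonicalHostMiddleware(demo_app)(environ, start_response)
    return seen["status"], seen["headers"].get("Location")
```

Both the www host and plain-HTTP requests are sent to https://example.com in one hop, which avoids a redirect chain that briefly lands on an unencrypted URL.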
I am now using Google Apps (for Email) and Heroku as web server. I am using Google Apps 301 Permanent Redirect feature to redirect the naked domain to WWW.your_domain.com
You can find the step-by-step instructions here
https://stackoverflow.com/a/20115583/1440255
You are not allowed to have a CNAME record for the domain, as the CNAME is an aliasing feature that covers all data types (regardless of whether the client looks for MX, NS or SOA records). CNAMEs also always refer to a new name, not an ip-address, so there are actually two errors in the single line
@ IN CNAME 88.198.38.XXX
Changing that CNAME to an A record should make it work, provided the ip-address you use is the correct one for your Heroku app.
The only correct way in DNS to make a simple domain.com name work in the browser, is to point the domain to an IP address with an A record.
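
A small checker for the CNAME constraints discussed in this thread (no CNAME at the zone apex, no CNAME beside other record types, no IP address as a CNAME target). This is an added example, not code from any of the answers; the sample zone is constructed, the function names are hypothetical, and the parser only handles one-line records that name their owner.

```python
import re
# Constructed sample zone, modelled on the records quoted in this thread.
SAMPLE_ZONE = """\
$TTL 86400
@     IN SOA   ns1.example.net. postmaster.example.net. 2013041500 14400 1800 604800 86400
@     IN CNAME www.example.com.
@     IN MX    10 mail
mail  IN A     192.0.2.10
www   IN CNAME appname.herokuapp.com.
"""

RTYPES = {"A", "AAAA", "CNAME", "MX", "NS", "SOA", "TXT", "ALIAS", "ANAME"}
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}\.?")

def parse_records(zone_text):
    """Parse one-line records into (owner, type, rdata); each line must name its owner."""
    records = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop ';' comments
        if len(fields) < 2 or fields[0].startswith("$"):
            continue
        owner, rest = fields[0], fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                      # skip optional TTL and class
        if rest and rest[0].upper() in RTYPES:
            records.append((owner, rest[0].upper(), " ".join(rest[1:])))
    return records

def check_cnames(records):
    """Flag CNAMEs at the apex, beside other data, or aimed at an IP address."""
    by_owner = {}
    for owner, rtype, rdata in records:
        by_owner.setdefault(owner, []).append((rtype, rdata))
    findings = []
    for owner, rrs in by_owner.items():
        targets = [rdata for rtype, rdata in rrs if rtype == "CNAME"]
        if not targets:
            continue
        if owner == "@":
            findings.append((owner, "CNAME at zone apex"))
        others = sorted({rtype for rtype, _ in rrs if rtype != "CNAME"})
        if others:
            findings.append((owner, "CNAME coexists with " + ", ".join(others)))
        if any(IPV4.fullmatch(t) for t in targets):
            findings.append((owner, "CNAME target is an IP address"))
    return findings

if __name__ == "__main__":
    print(*check_cnames(parse_records(SAMPLE_ZONE)), sep="\n")
```

Because the apex always carries SOA and NS records, any CNAME placed there is reported twice: once for its position and once for the records it would shadow, which is the MX breakage mentioned earlier in the thread.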
