Heroku SSL on root domain
Wow...this took me forever, and a bunch of info on the web was wrong. Even Heroku's docs didn't seem to indicate this was possible.
But Jesper J's answer provides a hint in the right direction: it works with DNSimple's ALIAS record which I guess is some new sort of DNS record they created. I had to switch my DNS service over to them just to get this record type (was previously with EasyDNS).
To clarify when I say "works" I mean:
- entire site on SSL using your root domain
- no browser warnings
- using Heroku's Endpoint SSL offering ($20/month)
It works for all of the following urls (redirects them to https://foo.com with no warnings)
- http://foo.com
- http://www.foo.com
- https://www.foo.com
- https://foo.com
To summarize the important bits.
- move your DNS over to DNSimple (if anyone knows other providers offering an ALIAS record please post them in the comments, they were the only one I could find)
- setup Heroku endpoint ssl as normal https://devcenter.heroku.com/articles/ssl-endpoint
- Back in DNSimple add an
ALIAS
record pointingfoo.com
to your heroku ssl endpoint, something likewaterfall-9359.herokussl.com
- Also add a CNAME record pointing
www.foo.com
to your heroku ssl endpoint,waterfall-9359.herokussl.com
- finally in your rails (or whatever) app make the following settings:
in production.rb
set
config.force_ssl = true
in application_controller.rb
add
before_filter :check_domain
def check_domain
if Rails.env.production? and request.host.downcase != 'foo.com'
redirect_to request.protocol + 'foo.com' + request.fullpath, :status => 301
end
end
This finally seems to work! The key piece seems to be the ALIAS
dns record. I'd be curious to learn more about how it works if anyone knows, and how reliable/mature it is. Seems to do the trick though.
DNSimple offers an ALIAS record type to address this need. You can create an alias from your root domain (a.k.a zone apex) pointing to a CNAME. Read more about it here:
http://blog.dnsimple.com/introducing-the-alias-record/
DNS redirects wouldn't care whether the inbound request is http or https so would maintain the original protocol - so would redirect http://foo.com to http://www.foo.com and the same for https.
You'll need to do it within the application via the gem you found or some other rack redirect gem or if www. is a problem use the IP based SSL addon.