stackoom
  简体   繁体   中英

Subdomain for SSL on Heroku

 原文  2010-12-12 06:37:48       ruby-on-rails/ ssl/ heroku

Question

Why is it recommended to create an SSL certificate for secure.mydomain.com, rather than www.mydomain.com for use on Heroku? I've read this suggestion in a few blog posts, but the authors didn't elaborate. It seems like using secure.mydomain.com requires some rerouting when switching between SSL and non-SSL requests, and can cause difficulties with sessions.

2 answers

solution1
 4 ACCPTED  2010-12-15 20:56:09

The restriction is that you can't have their hostname-based SSL on the root domain (mydomain.com); it must be on a subdomain (eg www.mydomain.com, secure.mydomain.com). This is because of the way the DNS system works:

Hostname based SSL will not work with root domains as it relies on CNAME aliasing of your custom domain names. CNAME aliasing of root domains is an RFC violation.

Your sessions crossing domains can indeed be a pain. Many people have written about it though: http://www.google.com/search?&q=ssl+on+subdomain+rails

As an alternative, you can use their IP-based SSL offering with root domains, but it's $100/mo.

solution2
 1  2010-12-12 06:44:01

Have you checked heroku.com documentation. they have a really good one.

check first. http://docs.heroku.com/ssl

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Heroku SSL with website subdomain causing security warnings in browser resolving rails subdomain with heroku Heroku subdomain DNS How to set subdomain on heroku Heroku, custom subdomain and a custom constraint Redirecting subdomain for static assets on Heroku Rails 3 - Subdomain Issue Moving to Heroku Assign domain to a subdomain in a Heroku application How to disable SSL for custom subdomain Cloudflare + Heroku SSL
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM