How to ensure HTTPS root domain requests are redirected to www for Heroku

1
votes

I'm using a wildcard certificate with Heroku for my Rails 4.2 project which provides users subdomains for their accounts. I've got it almost working perfectly but have a few kinks to iron out.

If I type http://example.com in the brower, it get's redirected to https://www.example.com and resolves fine.

However if I type https://example.com I get the following in my browser

Unable to connect. Firefox can't establish a connection to the server at mydomain.com. The site could be temporarily unavailable or too busy. Try again in a few moments....

These are my DNS settings

@ ----> http://www.example.com URL-REDIRECT (This is intentional - Heroku cant use naked domains with SSL)

www ----> blahblah-1234.herokussl.com CNAME

subdomains

* ----> blahblah-1234.herokussl.com. CNAME

As well as the DNS 'url-redirect' mentioned above I have also configured rails to rewrite rootdomain requests. (I dont think the reqest is even hitting rails though)

I have created a middleware to rewrite requests 'example.com' to 'www.example.com' and inserted it before ActionDispatch::SSL

class RootToWWW
  def initialize(app)
    @app = app
  end

  def call(env)
    request = Rack::Request.new(env)
    if request.host.starts_with?('myexample.com')
      [301, {"Location" => request.url.sub("//", "//www.")}, self]
    else
      @app.call(env)
    end
  end

  def each(&block)
  end
end 


# in production.rb
config.middleware.insert_before 'ActionDispatch::SSL', 'RootToWWW'

Can anyone explain how I can ensure https requests to root domains get redirected to www?

1
sslherokudns
seems this is related to stackoverflow.com/questions/37766864/… , what is the fix for this problem? - Raghvendra Parashar

1 Answers

1
votes

Firefox can't establish a connection

This means that it can not establish the TCP connection to port 443 on the server example.com. Either there is no SSL server running for this domain on the IP address provided for example.com or a firewall blocks the connection.

These are my DNS settings

@ ----> http://www.example.com URL-REDIRECT (This is intentional - Heroku cant use naked domains with SSL)

A URL redirect is not really a DNS thing, but it needs to have a web server at example.com which then does a HTTP redirect to www.example.com. Based on your comment that Heroku can't deal with SSL on naked domains I would suggest, that example.com and www.example.com are different web servers and are on different IP addresses. In this case you will not be able to use SSL with a naked domain because the webserver on the naked domain does not do SSL at all, i.e. it does not listen on port 443 for connection and thus you get "Firefox can't establish a connection". And if you cannot use SSL on the naked domain you can not do a redirect for https either, because this redirect needs first an established SSL connection.