Heroku SSL
techgaun opened this issue · comments
Heroku provides SSL configuration setup via its ACM feature which is very convenient but I've not found a way to make it convenient to run this wiki on heroku with http to https redirection working fine. If I enable SSL_ACTIVE
to true
, it would try to provision cert via letsencrypt (given configs are set) but the challenge verification fails (seems like heroku does some sort of rewrite for the URL). What is the recommended setup to enable http to https redirection for Wiki deployment.
Also, on https://github.com/Requarks/wiki/blob/2.4.107/server/controllers/ssl.js#L29-L36, would it be convenient to provide an override such that we can always perform override for ssl redirection regardless of configurations. For example, something like ALWAYS_SSL_REDIRECT
that can be set to true
or 1
? At the moment, enabling httpRedirection
is not enough because unless letsencrypt or custom SSL cert is setup, WIKI.servers.servers.https
is not be there causing the redirect to never happen.
Heroku router expects the redirection to happen on application level. The alternative solution to having ALWAYS_SSL_REDIRECT
would be to check X-Forwarded-Proto
and perform redirect (https://help.heroku.com/J2R1S4T8/can-heroku-force-an-application-to-use-ssl-tls) which is pretty straightforward and should work generally in other places too. Thoughts?