heroku:在免费计划上设置 SSL 证书? [英] heroku: set SSL certificates on Free Plan?
问题描述
我想为我在 heroku 上的一个应用程序(一个基于 nodeJS + Vue 的简单应用程序)设置一些 SSL 证书.
我知道如果我升级到爱好计划(每月 7 美元),我可以自动拥有它.
但是现在对于测试应用程序来说太贵了,所以我想知道我是否也可以通过免费计划实现一些类似的目标.
所以:是否可以使用免费计划为 Heroku 上的应用程序设置 SSL 证书?也许通过 CLI 以一种复杂/棘手的方式?
从 Heroku 页面和文档来看,这似乎是不可能的.但我不得不问:)
这里我有一个更好的方法来处理这个问题.由于 Heroku 不提供 SSL 免费计划.但是您可以使用提供免费 SSL 的 Cloudflare.您可以使用 Cloudflare 作为 SSL 的桥梁.
要求:
- Cloudflare 帐户
- 您的应用程序不应具有内置 SSL 重定向(如 redirect-ssl)否则,这将导致太多重定向错误
第 1 步:将您的域指向 CloudFlare.您基本上打开一个帐户并在出现提示时输入您的域.您可能会收到更改域名服务器的说明.
第2步:在Cloudflare的DNS中添加Heroku Server的Cname Record.说明在
现在了解工作原理:-
客户端(浏览器)向 https://example.com 发出请求首先,请求通过 SSL 到达 Cloudflare.(用户看到到服务器的加密连接.)
然后 Cloudflare 使用非 SSL(非 Https 和未加密)向 Heroku 服务器(源)发出请求.
然后 Heroku 服务器(源)将非 SSL 响应返回给 Cloudflare.
最后 Cloudflare 将请求转发给客户端(浏览器)
你可能会想,只加密半个系统有什么好处.但有总比没有好".
您来到这里是因为您不想在 heroku 付费 dynos 上花钱.
这个方法更适合那些使用http的人.至少它保护最脆弱的一面(客户端).大多数攻击发生的地方.cloudflare 和您的服务器之间受到攻击的可能性非常小.因为网络覆盖.
易受攻击的概率越低,比 100% 易受攻击的系统越好
我已经测试了这种方法并在 https://www.auedbaki.com
I would like to set some SSL certificates for one app I have on heroku (a simple application based on nodeJS + Vue).
I know if I upgrade to the Hobby Plan (7$ for month) I can have it automatically.
But for now it would too much money for a test application, so I am wondering if I can achieve some similar goal also with a Free Plan.
so: Is it possible to set SSL certificate for an app on Heroku JUST with the Free Plan? Maybe in a complicated/tricky way via CLI?
From the Heroku pages and documentation it looks not possible. But I have to ask :)
Here I have a better approach to deal with this. As Heroku Doesn't provide SSL for Free Plan. But You can use Cloudflare which gives free SSL. You can Use Cloudflare As Bridge For SSL.
Requirement:
- Cloudflare Account
- Your Application should not have inbuild SSL redirection (like redirect-ssl) Otherwise, This will result in Too Many Redirect Error
Step 1: Point Your domain to CloudFlare. You basically open an account an enter your domain when prompted. You may be given instructions to change your domain name servers.
Step 2: Add Cname Record of Heroku Server in DNS of Cloudflare. Instructions are here Here You will get Some SSL Security Issue.
Step 3: Now Change Your SSL/TLS encryption mode to Flexible (Not Full). *Important
Now Understand the Working:-
Client(Browser) Make Request to https://example.com First, the request reaches the Cloudflare with SSL. (User see encrypted connection to the server.)
Then Cloudflare makes request to Heroku Server(Origin) with Non-SSL (Non-Https and Unencrypted).
Then Heroku Server (Origin) returns the Response with Non-SSL to Cloudflare.
At the end Cloudflare forward the request to Client (Browser.)
You might think, What is the benefit of just encrypting half system. but "Something is better then nothing".
You are here because you don't want to spent money on heroku paid dynos.
This method is better for those who is using http. Atleast it protects the most vulnerable side (client side). Where most of the attack happen. There is very less chances of attack between cloudflare and your server. Because of network reach.
Having less vulnerable probability is better then 100% vulnerable system
I have tested this method and working on https://www.auedbaki.com
这篇关于heroku:在免费计划上设置 SSL 证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
