为应用程序Heroku HTTPS配置SSL [英] Configuring SSL for an App Heroku HTTPS
问题描述
你好,我目前正在浏览下面的教程,以将ssl添加到我的heroku应用程序中。
https://gist.github.com/shripadk/552554
因此今天,我买了一个域名,将cname设置为指向我的heroku应用程序
目前我的域名正在使用中。
将SSL安全功能添加到我的应用程序中,以便secure.domainname.com可以正常工作
继教程之后
heroku addons:add custom_domains:basic
出现错误
找不到添加物
我无法在heroku上找到这个附加组件。但我通过stackoverflow搜索这个命令,并假设它存在?
我得到了与此命令相同的错误
heroku addons:add ssl:hostname
但它也表示加上找不到,后来我在heroku上发现了这个相同的附加功能,但是它带有一个不同的命令。
这是我在教程中找不到的部分
p>在
上添加ssl add后,这将增加20美元/月(截至撰写本文时为止)向您的Heroku账单收取SSL费用。
VI:设置您的DNS以使用Heroku Hostname SSL
-
您应该收到来自heroku几分钟后添加ssl:hostname addon。您需要向您的DNS添加CNAME记录,该记录指向您收到的电子邮件中的AWS主机。这应该是非常明显的,但如果您有任何问题,请在Google中搜索添加CNAME记录,您会看到很多不错的指南。
- <测试'主机secure.yourdomain.com'输出'something.amazonaws.com'。如果确实如此,你就全都定了。
您现在应该可以转到 https://secure.yourdomain.com ,而不能看到任何错误或安全警告。
幕后发生的事情
当用户使用 http:// secure访问您的网站时。 yourdomain.com ,他们正在点击GoDaddy CNAME记录,该记录指向一个'something.amazonaws.com'地址,该地址有效地将请求路由到Heroku的网格,并从该地点开始建立安全连接SSL握手过程。
我没有收到电子邮件,appname.herokussl.com也不存在?
我是否会使用Zerigo DNS?对于任何事情来说,它在教程的顶部提到过一次,但没有在其他地方提及过。
从阅读评论的时候,有人对最后部分也有问题。 p>
谢谢!
自己的服务器设置,并且当第一次尝试在heroku上设置时,我没有正确执行,因此我将解释在heroku上设置ssl时的一些重要步骤。
- 使用OpenSSL使用主机密钥生成新的自签名证书('host.csr')我们刚刚创建。这是您将要发送给
GoDaddy以在建立新的SSL后建模的内容。
在上面的步骤中,请确保您正确填写信息,并确保您的通用名称与您的ssl证书名称相符。
2。合并'secure.yourdomain.com.crt'和'host.key':
您需要结合你的SSL密钥。如果您使用的是godaddy,则会有两个文件包含名称gd_bundle.crt和 secure.yourdomain.com 。在教程中,您将生成大约5-6个文件,您只能使用1个文件。
- 删除(Heroku要求)
为了让heroku读取您的ssl证书,您将需要删除证书上的所有密码,以确保密码被删除。将有两个文件,取决于你如何将它们与扩展名.pem和.key(更新的不是你开始使用的)进行组合。
你已经很可能现在通过命令行运行添加域和子域名
heroku ssl:add ../ssl-cert/public .pem ../ssl-cert/private.key
请记住获取最新更新文件的路径。另外,在编辑文件和复制密钥时,确保密钥之间没有空白。让我知道这是否有帮助。
Hello I am currently going through the tutorial below to add ssl to my heroku app
https://gist.github.com/shripadk/552554
so for today, I bought a domain name, set the cname to point to my heroku app
Currently my domain name is working.
I am trying to add ssl security feature to my app so secure.domainname.com works
Following the tutorial
heroku addons:add custom_domains:basic
I got an error
add ons not found
I can't find this add on on heroku as well. but I searched this command through stackoverflow and its suppose to exist?
I got the same error with this command
heroku addons:add ssl:hostname
but it also said adds on not found, later I found this same add on heroku but its with a different command.
This is the part that I don't get on the tutorial
After adding the ssl add on
This will add a $20/month (as of the time of this writing) fee to your Heroku bill for SSL. VI: Setting up your DNS to work with Heroku Hostname SSL
You should recieve an email from heroku within a few minutes of adding the ssl:hostname addon. You need to add a CNAME record to your DNS that points to the AWS host in the email you receive. This should be pretty self explanatory, but if you have any questions, search for 'adding a CNAME record' in Google and you'll see lots of good guides.
Test that 'host secure.yourdomain.com' outputs 'something.amazonaws.com'. If it does, you're all set. You should now be able to go to 'https://secure.yourdomain.com' and not see any errors or security warnings. What is going on behind the scenes When a user visits your site using 'http://secure.yourdomain.com', they're hitting your GoDaddy CNAME record, which points to an 'something.amazonaws.com' address which effectively routes the request to Heroku's grid, and a secure connection gets established from there following the standard SSL handshake process.
I didn't get an email, neither does appname.herokussl.com exist? Am I suppose to use Zerigo DNS? for anything, its mentioned once in the top of the tutorial but not anywhere else?
From reading the comments, someone got a problem with the end part as well.
Thanks!
I followed this tutorial for both heroku and for my own server setup and when trying to setup on heroku for the first time I did not do it correctly so I will explain some of the important steps when setting up ssl on heroku.
- Use OpenSSL to generate a new self-signed certificate ('host.csr') using the host key we just created. This is what you'll be sending to GoDaddy to model your new SSL after.
At the step above make sure you fill in the information correctly and also make sure your common name matches your ssl certificate name.
2. Combine 'secure.yourdomain.com.crt' and 'host.key':
You will need to combine your ssl keys. If you're using godaddy there are 2 files included name gd_bundle.crt and secure.yourdomain.com. Upon during the tutorial you will generate about 5-6 files in which you will only use 1.
- Remove pass phrase from the public key certificate (required by Heroku)
In order for heroku to read your ssl cert you will need to remove all passwords on the certs so make sure the passwords are removed. There will be two files depending on how you have combined them with the extensions .pem and .key (The updated ones not the ones you started with).
You've most likely added the domain and subdomain so now through the command line run
heroku ssl:add ../ssl-cert/public.pem ../ssl-cert/private.key
Remember get the path of the newly updated files. Also when editing the files and copying over keys make sure there are no white spaces in between keys. Let me know if this helps.
这篇关于为应用程序Heroku HTTPS配置SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
