如何在Heroku上禁用HTTPS [英] How do I disable HTTPS on Heroku
问题描述
我创建了一个网站并将其放在Heroku上。然后,我在Heroku控制面板中添加了一个自定义域(例如site.example.com),并将DNS指向我的Heroku地址。这工作正常,但当我访问该网站时,我得到一个大的浏览器警告,说证书是为herokuapp.com,而不是site.example.com。如何关闭HTTPS或以其他方式解决问题? (我不需要我自己的SSL证书)。
I created a site and put it on Heroku. I then added a custom domain (e.g. "site.example.com") in the Heroku control panel and I pointed the DNS to my Heroku address. This works fine, but when I visit the site, I get a big browser warning, saying the certificate is for herokuapp.com, not for "site.example.com". How do I turn off HTTPS or fix it in some other way? (I don't need my own SSL certificate for the site.)
注意:如果您的应用强制用户上传,这不是Heroku的错SSL。检查 production.rb 以确保它不会说:
Note: It's not Heroku's fault if your app is forcing people onto SSL. Check production.rb to make sure it doesn't say:
config.force_ssl = true
如果是,请将其更改为false:
If it does, change it to false:
config.force_ssl = false
推荐答案
不幸的是,您无法阻止某人尝试通过SSL访问您的网站。也就是说,任何人都可以简单地将 https 添加到://site.example.com 开头。我建议您打开支持服务单,以便支持团队查看您当前的配置。不幸的是,存在于 *。herokuapp的搭载SSL .com 为雪松应用程序流血,除非你有自己的SSL证书,使用 ssl:endpoint 插件。
Unfortunately, you can't prevent someone from attempting to access your site via SSL. That is to say that anyone can simply add https to to beginning of ://site.example.com. I would recommend that you open a support ticket to allow the Support team to look into your current configuration. Unfortunately, the Piggyback SSL that exists at *.herokuapp.com for Cedar apps bleeds through unless you have your own SSL certificate that is specified using the ssl:endpoint add-on.
事实是,即使Piggyback SSL不在位,您的访客仍然会收到进入SSL版本的网站时出错。您可以考虑从 Namecheap 之类的地方购买价格低廉的SSL证书(看起来您可以选择超级用户,简单的证书为8美元/年)只是为了摆脱错误。然后,您可以强制重定向到您的网站的非SSL版本,一切都很好!
The fact is, even if the Piggyback SSL wasn't in place, your visitors would still receive an error when going to the SSL version of your site. You might consider purchasing a seriously cheap SSL cert from some place like Namecheap (looks like you can pick up a super-simple cert for $8/yr) JUST to get rid of the errors. You can then enforce redirection to the non-SSL version of your site and all is well!
这篇关于如何在Heroku上禁用HTTPS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
