Enable SSL on production server

Question

Enable SSL on production server

clhenrick opened this issue 8 years ago · 4 comments

We need to have SSL on the production Heroku server so that the Geo Location API can be enabled.

Relating to that, it seems that the "Locate Me" feature in the map's main page doesn't load centroids for parks within the map view.

Answer 1 · 2017-04-21T21:53:59.000Z

Enabling it on development was one click via the Dashboard.
https://caliparks-development.herokuapp.com/

So that's one item down.

Answer 2 · 2017-04-21T22:09:17.000Z

What did you do to enable it? Looks like it's set to "auto" and that it should be enabled automatically as we are using a paid dyno, but SSL is currently not enabled.

Answer 3 · 2017-04-21T23:45:37.000Z

Got this set up: https://www.caliparks.org/

Last step: change the URL forwarding which enforces the use of a canonical URL, to use the HTTPS version.

Answer 4 · 2017-04-24T15:17:44.000Z

The domain service won't be able to do a redirect when a browser requests www.caliparks.org This being a proper hostname pointing to Heroku, the request bypasses Dreamhost's redirect service.

As such, you'd need to alter the code to detect that HTTPS was not in use. Note that Heroku uses proxies for the routing and HTTP, so you'll want to check req.headers['x-forwarded-proto'] != 'https'