How to solve "Not Secure" warning on my heroku app? - node.js

I have a Heroku app which is on a free plan, like myappsucks.herokuapp.com, but recently that website is showing a "not secure" warning when I open it in my browser. Can anyone help me fix this free of cost, because I heard Heroku is a free platform where you can deploy your Node.js app?
Any answer is appreciated =)

Heroku free apps do not use SSL. You will need to change to a paid plan to get it.
However, as a workaround, if you want to see "secure" in the browser, you can use a free Cloudflare account, using Cloudflare as a DNS proxy. Cloudflare will use HTTPS (secure) when your site is proxied through them, and can use HTTP when it retrieves your site.
It is not secure at all between Cloudflare and Heroku, but is an easy workaround for demo apps etc.
Here is what the SSL setting should look like:
and the DNS record:


If I host my nodejs application on Heroku or other hosting platform can I ignore serving my app using HTTPS?

I have started creating my own nodejs app (for the first time) that I hope to deploy at some point, perhaps to Heroku or another platform.
I need for my app to encrypt traffic namely for user passwords and sessions (note there is no other obviously sensitive data).
I started looking into serving my app using HTTPS (SSL) however I am now wondering if I need this. If my app is to be hosted and deployed using Heroku/other platform won't all requests be trafficked through their servers presumably using HTTPS by default? I am guessing that the request will then be routed using HTTP to my application, although I am struggling to understand how this works. Ultimately I would like to know if I can ignore worrying about paying for SSL certification and such like when it will not matter in this hosting environment?
Help much appreciated. Matt.
If you are using Heroku then you must be using a paid dyno (hobby or professional), and Heroku provides free SSL to all paid dynos. Furthermore, if you think that at some point you can switch hosting, then there is always free SSL available via Let's Encrypt.
Heroku serves all requests with and without SSL on the default herokuapp URL.
Use the Cloudflare free plan. Open a free account in Cloudflare, copy the DNS. Then set the DNS in your domain service provider (GoDaddy or something), then change the CNAME config for the website inside Cloudflare. Now you have a free certificate.
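
How the arrangement discussed in the two threads above looks from inside the Node app, as an added example that is not part of any answer: the proxy (Heroku's router, or Cloudflare in front of it) terminates TLS, forwards plain HTTP to the app, and reports the client's scheme in the `X-Forwarded-Proto` header. The function names and the HSTS value are assumptions of this example.

```javascript
// Added example (not from the answers above). Assumption: the app is reachable
// only through the TLS-terminating proxy, so X-Forwarded-Proto can be trusted.
const HSTS = 'max-age=31536000'; // one year; value chosen for this example

// Scheme the client used, as reported by the proxy. With chained proxies the
// header may be a comma-separated list; the first entry is the client-facing hop.
function forwardedProto(headers) {
  const raw = headers['x-forwarded-proto'];
  if (typeof raw !== 'string' || raw === '') return 'http'; // no proxy info: treat as plain HTTP
  return raw.split(',')[0].trim().toLowerCase();
}

// Decide how to answer a request: serve it (with HSTS) or redirect to HTTPS.
function enforceHttps(req) {
  if (forwardedProto(req.headers) === 'https') {
    return { status: 200, headers: { 'Strict-Transport-Security': HSTS } };
  }
  // The redirect target is built from the Host header, so reject anything that
  // is not a plain host[:port] to avoid redirecting to attacker-chosen URLs.
  const host = req.headers.host || '';
  if (!/^[a-z0-9.-]+(:\d+)?$/i.test(host)) return { status: 400, headers: {} };
  return { status: 301, headers: { Location: `https://${host}${req.url}` } };
}

// Node http request listener: pass to require('http').createServer(handler)
// and listen on process.env.PORT.
function handler(req, res) {
  const decision = enforceHttps(req);
  res.writeHead(decision.status, decision.headers);
  res.end(decision.status === 200 ? 'served over HTTPS at the edge\n' : '');
}
```

A 200 from this check only says the client-facing hop used HTTPS; when the proxy fetches the site over HTTP, passwords and session cookies still cross that second hop unencrypted, as the first answer notes.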

ERR_CONNECTION_RESET Azure App Service w/Let's Encrypt

I have a seemingly intermittent issue with a site I'm hosting on Azure.
The site works for most but we're getting a few reports that when people try to access the site via a link (in an email for example) the site throws an ERR_CONNECTION_RESET error in Chrome.
The site is an S1 App Service
The site running is .Net Core 2.1 (MVC)
It has Let's Encrypt certificate applied to it (and this shows in the browser)
It is set to be Https only and Always On in Azure's SSL and Application Settings blades respectively.
I've had a look around and it feels like maybe this is an SSL issue but I'm not sure.
I've done a re-bind of the cert.
Can anyone offer any advice? I've not encountered this before.
Update
An update from our clients suggests it could be happening as our domain is newly registered.
Specifically, it could be a reputation/categorisation issue coming into play with the threat protection they utilise on their networks.
I will look into submitting an update to the relevant sites to see if it helps.

Random ERR_INSECURE_RESPONSE for content hosted on azurewebsites.net? Works after page refresh?

I have a hosted website using an Azure webapp. Sometime yesterday, portions of my website began to fail with network requests showing ERR_INSECURE_RESPONSE. Random image files, CSS, sometimes even the index (which Chrome really doesn't like). However, if I refresh a few times in Chrome, the assets load just fine. I'm accessing the site through the subdomain created when the webapp was set up, so the SSL certificate is for *.azurewebsites.net and appears to be valid.
Is there a way to debug this further? Logs from my server don't seem to be showing any issues and there isn't a clear repro.
The fix for this was pretty simple and I wanted to post in case anyone stumbles across this because (I think) the settings by default were in the config that served the error.
I had a custom domain and had set up SSL for that domain on my Azure web app. The error I was seeing is that from time to time Azure would return the default SSL certificate for azurewebsites.net instead of the SSL cert I had purchased for the domain. The fix was to switch from IP SSL to SNI SSL. This can be done from the "SSL Settings" in your Azure Web App. Click the host name and modify the SSL Type.
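
One way to confirm the symptom described in this answer, as an added example that is not the poster's code: collect the certificate from repeated handshakes (for instance with `tls.connect` and `getPeerCertificate()`), then group the samples and check which certificates actually cover the custom host name. The sample objects, fingerprints and `www.example.com` are constructed for illustration.

```javascript
// Added example (not from the answer above).
// Parse the subjectaltname string Node reports, e.g. "DNS:a.example, DNS:*.b.example".
function dnsNames(cert) {
  return (cert.subjectaltname || '')
    .split(',')
    .map((s) => s.trim())
    .filter((s) => s.startsWith('DNS:'))
    .map((s) => s.slice(4).toLowerCase());
}

// True if a certificate name covers the host; "*" stands for exactly one leftmost label.
function nameCovers(pattern, host) {
  if (!pattern.startsWith('*.')) return pattern === host;
  const dot = host.indexOf('.');
  return dot > 0 && host.slice(dot) === pattern.slice(1);
}

// Group handshake samples by certificate and mark which certificates cover the host.
function summarize(host, samples) {
  const wanted = host.toLowerCase();
  const byCert = new Map();
  for (const cert of samples) {
    const entry = byCert.get(cert.fingerprint256) || { names: dnsNames(cert), count: 0 };
    entry.count += 1;
    byCert.set(cert.fingerprint256, entry);
  }
  return [...byCert.values()].map((e) => ({
    names: e.names,
    count: e.count,
    coversHost: e.names.some((n) => nameCovers(n, wanted)),
  }));
}

// Constructed samples in the shape of getPeerCertificate() output: two handshakes
// returned the custom-domain certificate, one returned the platform default.
const SAMPLES = [
  { fingerprint256: 'AA:01', subjectaltname: 'DNS:www.example.com, DNS:example.com' },
  { fingerprint256: 'BB:02', subjectaltname: 'DNS:*.azurewebsites.net, DNS:azurewebsites.net' },
  { fingerprint256: 'AA:01', subjectaltname: 'DNS:www.example.com, DNS:example.com' },
];
```

More than one group in the result, with one of them not covering the host, matches the intermittent wrong-certificate behaviour the answer describes.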

Get address using geolocation in http website

Recently I created a website in ASP.NET Core and hosted it in the Azure Shared tier (non-secure). There is one feature on my website: get the user's address based on geolocation and autofill the registration form.
Problem
getCurrentPosition() and watchPosition() no longer work on insecure origins (As of Chrome 50, the Geolocation API will only work on secure contexts such as HTTPS.)
The site is very small and I don't want to spend money on SSL certificate. (I can go with free SSL https://letsencrypt.org/)
Custom SSL certificate hosting only available on Azure Basic and above tier.
Is there any solution/workaround available?
Thanks,
Use Let's Encrypt (https://letsencrypt.org/) to get a certificate for free.
Sign up CloudFlare Free Plan and use their free SSL.
https://www.cloudflare.com/ssl/

Do I still need to use a service like DNSimple if I want a naked domain for my Heroku app?

Researching past posts makes it seem like you have to use a service like DNSimple in order to have a naked domain (i.e. "example.com") for Heroku apps. I am wondering if that is still true, or if I can achieve this using only my app server.
I am using Namecheap BasicDNS and my app is a node/express app hosted on Heroku.
Thanks in advance for any tips. I am just trying to make sure before I purchase. Thank you.
You can't point your apex domain to a hostname (hence to Heroku), because you can't use a CNAME for the apex.
Consequently, the only way to point your root domain to a service like Heroku is by using a DNS provider that provides a CNAME-like feature for the root domain, which is what DNSimple calls ALIAS.
You can also find more information in the Heroku documentation.
