Heroku Naked SSL Custom Domain - node.js

I'm trying to find a current, up-to-date answer for setting up a naked domain with GoDaddy and Heroku SSL. My goal is for all pages to land on a secure page at https://www.example.com
https://www.example.com does go to a secure page.
example.com goes to an insecure page.
https://example.com does not work.
My current setup is as follows:
In Heroku settings:
Domain Name | DNS Target
example.com | example.com.herokudns.com
www.example.com | www.my-domain.herokudns.com
GoDaddy settings:
CNAME | www | www.example.com.herokudns.com
Forwarding settings:
Forward to: https:// | www.example.com

Yeah, it's a pretty stupid issue that some of the big DNS manager providers out there still have. The way to solve it is to have a server with an SSL certificate installed, and then point your naked domain to that static IP. The server then will redirect to the "www" version of your domain, which is now served under SSL by Heroku. Tedious.
If you don't want to do all that, just use https://www.nakedssl.com, which does exactly that – but automated (and for free for one domain).
Disclaimer: I'm part of the team that created NakedSSL, but I hope you take this as help and not as self-promotion. As explained above, the problem is as easy as it is tedious to solve, and I think NakedSSL is a pretty straightforward workaround.

Root domains on Heroku require the use of ALIAS, ANAME or FLATTENING records.
Unfortunately, a number of popular DNS hosts such as GoDaddy, Bluehost, Google Domains, OVH, Hostinger and others do not support these types of records. Many of these providers will tell you there is no such thing as ALIAS, ANAME or FLATTENING records, and many of them will tell you to set an A record instead. However:
A records do not work with Heroku for routing.
A records require static IP addresses, and static IP addresses do not work with Heroku for routing, because Heroku (and many other cloud platforms) use dynamic IPs.
Instead, you can either:
Not use a naked domain and just use your www subdomain.
Redirect/forward your HTTP root domain to your www subdomain. This won't work for your HTTPS root domain though.
Use an Alternate DNS Provider. Heroku recommends the following: https://help.heroku.com/NH44MODG/my-root-domain-isn-t-working-what-s-wrong

Solved it.
Best way to get SSL set up is to use this package which automatically makes every page on your app SSL. Fantastic package. https://www.npmjs.com/package/force-ssl-heroku
Getting the naked domain set up with GoDaddy easily: Set forwarding to your domain: https://www.my-domain.com. This will redirect non-www to the correct place. :)
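
An added example (not part of the original answers, and not the force-ssl-heroku package's code): a dependency-free Node middleware that sends every request reaching the app to https://www.example.com, assuming the platform router sets X-Forwarded-Proto. It redirects to a fixed host instead of echoing the client-supplied Host header; the names `canonicalRedirect` and `forceCanonicalHttps` are hypothetical.

```javascript
// Added example. Assumption: TLS is terminated by the platform router,
// which passes the original scheme in the X-Forwarded-Proto header.
const CANONICAL_HOST = 'www.example.com'; // the page's placeholder domain
const ALLOWED_HOSTS = new Set(['example.com', CANONICAL_HOST]);

// Returns { status, headers } when the request must be redirected or
// rejected, or null when it is already https://www.example.com/...
function canonicalRedirect(req) {
  const host = String(req.headers.host || '').toLowerCase().replace(/:\d+$/, '');
  // Host is client-controlled: refuse unknown names, never reflect them.
  if (!ALLOWED_HOSTS.has(host)) return { status: 400, headers: {} };

  // Anything other than an exact "https" is treated as insecure (fail closed).
  const secure = req.headers['x-forwarded-proto'] === 'https';
  if (secure && host === CANONICAL_HOST) return null;

  // Only origin-form paths are carried over; absolute-form request targets
  // would otherwise be glued onto the host name in Location.
  const path = typeof req.url === 'string' && req.url.startsWith('/') ? req.url : '/';
  return { status: 301, headers: { Location: `https://${CANONICAL_HOST}${path}` } };
}

// Connect/Express-style middleware: app.use(forceCanonicalHttps)
function forceCanonicalHttps(req, res, next) {
  const r = canonicalRedirect(req);
  if (r) {
    res.writeHead(r.status, r.headers);
    return res.end();
  }
  // Reached only over HTTPS on the canonical host, where browsers honour HSTS.
  res.setHeader('Strict-Transport-Security', 'max-age=31536000');
  return next();
}
```

This runs only for requests that reach the app, so https://example.com still needs a certificate on whatever terminates TLS for the apex, as the answers above describe.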

I believe naked subdomains or wildcards are not supported by Heroku automated certs because of the Let's Encrypt restrictions. So you need to set up a subdomain every time you want to use Heroku's automatic certs.
ALSO VERY IMPORTANT! Don't forget to remove or edit any unsecured links to external assets. Otherwise browsers will judge the page with those links unsecured, as described in the Mozilla support page about mixed content.

Related

Point sub domain to root AND redirect main domain

I have
'website.com' and 'newwebsite.com', both on LAMP environment.
I need
website.com redirecting to newwebsite.com
AND
old.website.com pointing to root of website.com
I have full control of both hosting and DNS records.
I can't figure out the best solution without creating a loop!
There are two choices here: redirects, or DNS records. If you do it with redirects it means the user will see that they have been forwarded elsewhere. If you use DNS, the user will not be aware of the deprecation of the old websites.
For this reason, I would use HTTP redirects for this task.
If you wanted to go the DNS route then simply have an A record for newwebsite.com and CNAMEs for the others that point to it.

How to resolve HTTP and HTTPs config in DNS level?

I have my domain pointed at Cloudflare with SSL. My website runs with the HTTPS protocol. The reason I mention them running is this.
I have my blog at Blogspot and want to give it a custom domain name, which Google allows. Unfortunately Google won't allow HTTPS there. I had created my blog like this in DNS as blog.domain.com, which runs as https://blog.domain.com, and if I host this subdomain via GitHub, it opens correctly. The problem is when I use this subdomain in Blogger, then a conflict arises and my site goes offline. Where am I making a mistake in setting all this up?
Don't enable the full or restricted SSL option in Cloudflare. Use flexible SSL instead. This will set things up correctly.

Free dns with wildcard subdomains?

Are there any free DNS services I can use to access my localhost over an external IP that support wildcard domains? This way I can set up virtual hosts to serve the subdomain content based on subdomain name.
For example, suppose the free FQDN with DNS service is:
example.com
Example.com - my server root, default vhost
Site1.example.com - loads site1 vhost
Site2.example.com - loads site2 vhost
*.example.com - I can create a vhost for whatever the wildcard value is and it'll work like the two above
I don't mind if the free FQDN is a top level domain. Example.aa.bb.cc is fine as long as I can set up *.example.aa.bb.cc
A free FQDN/DNS without support for wildcard subdomains but with lots of free subdomains I could set up would be OK, but not preferred.
Also, dynamic DNS is not a requirement. My external IP very rarely changes so I wouldn't mind updating it if it ever changes.
I know I'm asking for a lot for free. I don't mind buying a domain name but I'm trying to get away with free if I can.
You should consider building your own domain server to handle the subdomain information, for example using BIND software. After that you need to submit your NS record to your domain registrar.
Found a good one. dtdns.com is free and allows for wildcard subdomains for free.

GitHub Pages: setting up custom domain

I've got an organization page set up and running in GitHub and things seem to be working...but I'm a little confused. I'd like to actually understand the process since the GitHub Help article refers to taking advantage of their CDN and DoS services, so bear with me.
Step 1: Created CNAME file in repo with domain 'example.com'
Step 2: Grabbed IP from dig example.github.io +nostats +nocomments +nocmd
Step 3: Entered IP from Step 2 into the 'A' record (see image below)
I decided to stop here and see where it got me, and to my surprise it seems to have done the trick. The example.github.io domain correctly redirects to the example.com domain and displays the content from the repo.
However I was informed that after the DNS props, you can dig example.com and see the CNAME record pointing to example.github.io. I do not see this, and I dislike thinking that I didn't set things up correctly. Any thoughts/comments/tips welcome, thanks!
In order to take advantage of the CDN and DoS services provided by GitHub Pages, you'll need to set up a Subdomain (e.g. www.example.com or blog.example.com) instead of an Apex domain (example.com).
From the GitHub Help page you referenced:
If you are using an apex domain (example.com) instead of a subdomain
(www.example.com) and your DNS provider does not support ALIAS
records, then your only option is to use A records for your DNS. This
will not give you the benefit of our Content Delivery Network.
Here's a setup (looks like you're using GoDaddy for DNS) that would work to get your Organization Pages working as desired:
This is actually for a Project Page within an Organization, but for either one, you'll set the CNAME record for www to organization.github.io, not something like organization.github.io/project. Don't change the A record for # (mine is the default from GoDaddy).
If you want to get your Apex domain (example.com) to redirect to the new subdomain (www.example.com), then you can point your Apex to your subdomain with Domain Forwarding like this:
With that setup, you'll get to take advantage of GitHub's CDN, which you may notice is provided through fastly. Here's how my domain looks to dig:
It is also possible to use a CNAME record for an APEX domain using the free DNS service provided by CloudFlare in which case you can also use your domain without the www (or any other subdomain) and still benefit from CDN & DoS.
I've written a step-by-step guide here: Speed up your GitHub Pages website with CloudFlare
PS: Apparently using ALIAS records is a bad idea... click here to see why.
DNS records are publicly available. There's no way of masking them in this instance. From the way you describe it, you have done everything right. There is nothing that makes me think you set this up incorrectly.

How will a CNAME DNS affect Google Engine

I'm hosting a client's site at client.mysite.com, but my client wants to have its own domain, like www.clientsite.com.
With a CNAME configuration, I'll be able to hook my client's domain to the content, but... considering I'm still hosting my client's content, which domain will finally be listed on Google with the contents of client.mysite.com?
a) mysite.com
b) clientsite.com
Thanks for helping.
In the DNS hierarchy, the CNAME resource record will be attached to clientsite.com. A CNAME is simply a reference to the location of that site's A record. With that in mind, I believe mysite.com will be listed as hosting the data.
Does your client want it to appear under his name?
If so, then this should not be solved using DNS (well, not only using DNS).
If your client wants to get the content listed under his domain name, the best way to do this is to add their name to your server.
Then point the client's domain name to your server.
The best way to do the pointing (when also considering SEO)
is to make a webforward (301 permanent) from the root to the www
and make the www subdomain point to the resource.
(Or vice versa)
IF you are using the example above (webforward on root) you can use a CNAME instead of an A record to point the domain name. However do not add a CNAME to the root of a domain (effectively shutting down your domain name).
So-
Short Answer:
client.mysite.com will have the content (also according to Google).
Any attempt to obfuscate this is black hat or grey hat ;)
A better way of doing it is to simply set up the client's domain name on your server.
Then point only one hostname to the server. Server host headers will take care of the rest.
Setup in DNS
# webforward 301 www
www a or Cname to server
Quick rules:
NEVER put a CNAME on the root of a domain
Only allow 1 hostname to show content (can be done both as explained above via DNS/webforward or via server configurations)
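
An added example (not from any of the posts above) that turns two rules stated on this page into a zone check: a CNAME must not sit on the root of a domain, and a root domain that a platform such as Heroku routes by hostname needs an ALIAS/ANAME-style record instead of an A record. The function name `lintZone`, the record layout and the sample zone are constructed for illustration; `ALIAS` stands for whatever provider-specific ALIAS/ANAME/flattened type is available.

```javascript
// Added example. Records are { name, type, value }, with '@' for the apex.
const fqdn = (name, apex) => (name === '@' ? apex : `${name}.${apex}`).toLowerCase();

// expected: hostname -> DNS target shown in the hosting platform's settings.
function lintZone(apex, records, expected) {
  apex = apex.toLowerCase();
  const findings = [];
  const byName = new Map();
  for (const r of records) {
    const n = fqdn(r.name, apex);
    if (!byName.has(n)) byName.set(n, []);
    byName.get(n).push({
      type: r.type.toUpperCase(),
      value: r.value.toLowerCase().replace(/\.$/, ''), // drop trailing dot
    });
  }
  for (const [name, rrs] of byName) {
    const hasCname = rrs.some((r) => r.type === 'CNAME');
    // The apex always carries SOA/NS, and a CNAME cannot coexist with other data.
    if (hasCname && name === apex) findings.push(`${name}: CNAME at apex`);
    else if (hasCname && rrs.length > 1) findings.push(`${name}: CNAME must be the only record`);
  }
  for (const [host, target] of Object.entries(expected)) {
    const want = host === apex ? 'ALIAS' : 'CNAME';
    const rrs = byName.get(host) || [];
    const hit = rrs.find((r) => r.type === want);
    if (!hit) {
      const got = rrs.map((r) => r.type).join(',') || 'none';
      findings.push(`${host}: expected ${want} to ${target}, found ${got}`);
    } else if (hit.value !== target) {
      findings.push(`${host}: ${want} points to ${hit.value}, expected ${target}`);
    }
  }
  return findings;
}

// Constructed sample: apex on a static A record (documentation IP), www on a CNAME.
const sampleZone = [
  { name: '@', type: 'A', value: '192.0.2.10' },
  { name: 'www', type: 'CNAME', value: 'www.example.com.herokudns.com.' },
];
const sampleExpected = {
  'example.com': 'example.com.herokudns.com',
  'www.example.com': 'www.example.com.herokudns.com',
};
console.log(lintZone('example.com', sampleZone, sampleExpected));
```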
