1. 技术文章
  2. How to redirect to HTTPS with .htaccess on Heroku Cedar stack

How to redirect to HTTPS with .htaccess on Heroku Cedar stack

僤鯓⒐⒋嵵緔 提交于 2019-11-26 20:24:37

问题


I'm new to cloud hosting...

I'm working on a PHP web app that's hosted on Heroku as a "Cedar" app. Heroku offers "piggy back" SSL to all their subdomains, so I can load https://myapp.herokuapp.com just fine. But I can also load http://myapp.herokuapp.com. I want to force SSL by redirecting http requests to https.

Normally, this would be easy. I would just use mod_rewrite as follows:

RewriteCond %{HTTPS} != on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

BUT THIS DOESNT WORK ON HEROKU!

It appears that SSL terminates upstream, before the traffic ever hits my app. So the %{HTTPS} condition is never met, and the result is a redirect loop. I've also tried the following, which also didn't work:

RewriteCond %{SERVER_PORT} != 443 #<--also redirect loop
RewriteCond %{REQUEST_SCHEME} !https #<--also redirect loop

So my question is how can I detect/redirect-to HTTPS when it's terminated upstream?


回答1:


After spending all day on this, I figured it out!!

The issue is eloquently summarized here.

Bottom line: Heroku sets its own custom header to indicate the ORIGINAL scheme of the traffic (before SSL terminated at the load balancer).

So THIS works in an .htaccess file on Heroku

##Force SSL 

#Normal way (in case you need to deploy to NON-heroku)
RewriteCond %{HTTPS} !=on

#Heroku way
RewriteCond %{HTTP:X-Forwarded-Proto} !https 

#If neither above conditions are met, redirect to https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

The secret sauce is the line with HTTP:X-Forwarded-Proto.

Hope this helps someone else having the same issues! At the time of writing this there is ZERO documentation on this.




回答2:


I added one line to the great answer given above so it doesn't break my local dev environment which doesn't have SSL configured:

# If header is present in the request
RewriteCond %{HTTP:X-Forwarded-Proto} .

(Note RewriteRule is applied only if all preceeding RewriteCond's hold).




回答3:


If heroku is not picking up your .htaccess file you might have to use a a custom application level Apache configuration as documented by heroku

Basically you'll need to add this to your profile: web: vendor/bin/heroku-php-apache2 -C apache_app.conf



来源:https://stackoverflow.com/questions/26489519/how-to-redirect-to-https-with-htaccess-on-heroku-cedar-stack

标签
.htaccess
mod-rewrite
ssl
heroku
load-balancing
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!