I’m working on a small side project that requires proper SSL configuration. Since I like using “heroku”:http://nofail.de/category/heroku/ to bootstrap my projects, I thought it would also be a great idea to do that in this case… As it turns out, it was quite a hassle to get it up and running the way I want it to be.
When you create a new app on “the cedar stack”:http://nofail.de/tag/cedar/ you get “SSL for fee”:https://devcenter.heroku.com/articles/ssl-endpoint#piggyback_ssl_myappherokucom_and_myappherokuappcom_only. The only downside here is that this is only true for the your-app.herokuapp.com subdomain that hosts your application. If you want to add SSL to “your custom domain”:http://nofail.de/2010/01/using-heroku/ it get’s a bit hairy.
h2. Custom Domain SSL
Once you have added your domain to heroku and delegated the the “name-server lookup via CNAME”:http://www.df.eu/de/feature-info/serverpower-h/domainverwaltung/, you need to “provision a SSL addon”:https://devcenter.heroku.com/articles/ssl-endpoint#provision-the-add-on that costs $20 per month. This is just for the addon, no batteries included! So you also need to buy a SSL-certificate from the authority of your choice.
This setup is unfortunately not working with my “hosting provider domainFACTORY”:http://www.df.eu/ as they allow _only_ subdomains to be aliased via CNAME, the root-domain is not configurable. So you can forward www.yourdomain.de but not yourdomain.de.
h2. CloudFlare to the rescue
The “CDN provider CloudFlare”:https://www.cloudflare.com/ has free SSL support when using the “Pro Plan”:https://www.cloudflare.com/plans that also costs $20. This is a bargain compared to the heroku SSL-plugin as CloudFlare has way more use-cases than just SSL.
Configuring the DNS on domainFACTORY is quite simple. Just go to _Für Profis > Nameserver-Einstellungen_ in your admin setup and remove all the DNS entries. Add the CloudFlare name-server settings to the bottom:
DNS + SSL made simple!