HTTPS redirect from root domain (i.e. apex or 'naked') to 'www' subdomain without browser throwing up? -


dns a-records require ip address hard-coded application’s dns configuration

...which heroku recommends avoiding. heroku suggests 2 workarounds:

...using dns provider supports cname-like functionality @ apex, , using subdomain redirection`.

my question revolves around latter option (because former isn't supported dreamhost afaik):

is possible redirect root (i.e. apex or 'naked') domain 'www' subdomain https requests without browser throwing up?

heroku thinks not:

...applications requiring ssl encryption should use alias/aname configuration on root domain. subdomain redirection cause browser error when root domain requested on ssl (i.e. https://example.com).

...but i'm hoping that's incomplete (or incorrect) statement.

clarification update:

the real issue redirecting apex 'www' typing https://example.com directly browser raise certificate warning. sure, it's edge case, not small one.

solution update:

i solved problem dnsimple. (didn't have transfer domain!)

i believe easydns offers similar feature, surprised find other domain hosting companies don't.

there 2 separate interdependent levels of indirection consider here. first ip address dns name resolves to. second server on ip address does.

remember when type url browser, first thing happens dns lookup. usually, that's handled operating system – not browser itself.

so browser ask os, "what address of example.com?" os record, , if gets cname, that record, until finds a record. os responds browser answer.

your browser opens tcp connection ip address:

  • if http:// url, connects port 80, issues http request.
  • if https:// url, connects port 443, establishes tls/ssl connection (which means validating certificates), then issues http request on secure channel.

only @ point can http redirection happen. browser sends request (get /, , server can respond 301 other url.

understand "subdomain redirection" services offered registrars nothing more regular http server issues 301s. when opt registrar's redirection option, set a record of domain's apex server control, , server tells browsers go www.example.com.

since registrars don't allow upload ssl certificate redirection server, browsers cannot establish necessary secure connection server, , therefore never issue http request. thus, requests https​://example.com fail.

so why can't cname apex? it forbidden.

the domain system provides such feature using canonical name (cname) rr [record resource]. cname rr identifies owner name alias, , specifies corresponding canonical name in rdata section of rr. if cname rr present @ node, no other data should present; ensures data canonical name , aliases cannot different. rule insures cached cname can used without checking authoritative server other rr types.

the spec requires cname record record given (sub)domain. @ odds requirement of having soa record on apex. (there efforts out there change specs allow cname , soa coexist, there still many broken smtp implementations confused cname on domain.)

you have following options ssl working on apex:

  • use third-party service supports ssl on redirect server. you'll pay this. here's 1 service. would not recommend route, since takes control of reliability out of hands, , requires hand on keys ssl certificate may or may not trustworthy.
  • run own redirection server. since apex requires a record, you'll need static ip, services heroku , aws' elb not provide. if you're in cloud environment, difficult (if not impossible) guarantee reliability. on plus side, retain control of ssl keys.
  • use dns host allows set alias. point alias heroku domain/elb/whatever. best option.

an alias not technically type of dns record. instead, special configuration on dns host side returns a record result of lookup. in other words:

  1. your os issues dns request example.com dns host.
  2. your dns host reads internal alias configuration, , issues dns request domain. if have alias set example.herokuapp.com, a record of domain.
  3. the dns host returns simple a record ip(s) got alias lookup.

with alias record, point apex same cloud load balancer www domain cnamed to. assuming you've set ssl on www domain, naked domain work fine. @ point, it's choice whether app issues redirect, or serves content directly on naked domain.


Comments

Post a Comment

Popular posts from this blog

c# - DetailsView in ASP.Net - How to add another column on the side/add a control in each row? -

i have detailsview control on page used edit various fields of record, works in respect. i looking way add 1 column (and if works, why not more) right, absolutely read-only, show same fields of record comparison purposes. i aware there no obvious way such thing out of box detailsview . have looked other controls (transposed gridview , recommended formview , listview ), nothing satisfies. have special data binding setup using detailsview , can't out of without losing features. anyone on how "hack in" additional columns (for display only) on detailsview ? the solution have now, use second detailsview , visible set false in aspx. in code, make sure databind hidden detailsview hosts data third column first, initial detailsview named itemdetails . and in item created event, pass third column html rendering of hidden controls (in last code block) : protected void itemdetails_itemcreated(object sender, eventargs e) { if (dataite
Read more

javascript - firefox memory leak -

i have following script (i use raphaeljs also) draws circle, waits 1 second, draws circle again, etc (you can copy paste - functional, need include raphael raphaeljs.com): <div id="holder"> </div> <script src="raphael.js" type="text/javascript"></script> <script> var paper = raphael(10, 50, 320, 200); var rad = math.pi / 180; var finangle = 0; function sector(cx, cy, r, startangle, endangle, params) { var x1 = cx + r * math.cos(-startangle * rad), x2 = cx + r * math.cos(-endangle * rad), y1 = cy + r * math.sin(-startangle * rad), y2 = cy + r * math.sin(-endangle * rad); return ["m", cx, cy, "l", x1, y1, "a", r, r, 0, +(endangle - startangle > 180), 0, x2, y2]; } var path = sector(100,100,50,0,180); var arc = paper.path(path); function draw() { path = sector(100,100,50,0,finangle);
Read more

Trying to import CSV file to a SQL Server database using asp.net and c# - can't find what I'm missing -

i student , quite new programming, , given task using asp.net , c#, without being taught either. plan learn teach ourselves. the task stuck on making website import csv file sql server database of last year's room bookings around campus. the table has following columns: request_id; priority; module_id; day; start_time; length; park; students; room_code; status; semester_id; linked_request; week_1; week_2; week_3; week_4; week_5; week_6; week_7; week_8; week_9; week_10; week_11; week_12; week_13; week_14; week_15; ) in code, try make work 3 columns (request_id,priority,module) starters. when press import button, want read .csv file (with fixed name @ fixed directory) eg "1,2,3" - comma separating fields [delimiter] - , import sql server datab
Read more