4

I'm running a website on Heroku, with a custom domain name registered by my client through Network Solutions. The site runs over regular HTTP and SSL.

Due to its distributed nature, Heroku requires custom domain names to point to its servers using CNAME DNS records, aimed at www.example.com, rather than apex A records, pointed at a specific IP address. Because of this, the site needs to redirect the apex domain to the www subdomain; http://example.com becomes http://www.example.com. Also, https://example.com needs to redirect to https://www.example.com.

Everything appears to be set up correctly on the Heroku side according to their documentation (https://devcenter.heroku.com/articles/ssl-endpoint). On the Network Solutions side, where the DNS is configured, there is a CNAME wildcard record pointing all subdomains to Heroku's SSL endpoint address:

CNAME   *   example-1234.herokussl.com

To make the redirect work from the apex domain to the www subdomain, I'm following directions Network Solutions provides: http://www.networksolutions.com/support/how-to-forward-your-network-solutions-domain-name-to-a-free-blog-service/. This results in the following A record:

@ none   205.178.189.129

As a result of all this, http://example.com is correctly redirecting to http://www.example.com. However, https://example.com not only doesn't redirect, it times out:

% curl -kvI https://example.com
* About to connect() to example.com port 443 (#0)
*   Trying 205.178.189.129... Operation timed out
* couldn't connect to host
* Closing connection #0
curl: (7) couldn't connect to host

Connecting via HTTP does work, though:

% curl -kvI http://example.com
* About to connect() to example.com port 80 (#0)
*   Trying 205.178.189.129... connected
* Connected to example.com (205.178.189.129) port 80 (#0)
> HEAD / HTTP/1.1
> User-Agent: curl/7.20.0 (i386-apple-darwin8.11.1) libcurl/7.20.0 OpenSSL/0.9.7l zlib/1.2.3 libidn/1.15
> Host: example.com
> Accept: */*
> 
< HTTP/1.1 302 Moved Temporarily
HTTP/1.1 302 Moved Temporarily
< Content-Length: 0
Content-Length: 0
< Location: /?3e3ea140
Location: /?3e3ea140

< 
* Connection #0 to host example.com left intact
* Closing connection #0

So Network Solutions' special redirect magic seems to work for HTTP, but not for SSL. Does anyone know if they support such a redirect at all, or am I going to need to convince my client to move to a new registrar/DNS provider?

Lonnon Foster
  • 141
  • 1
  • 4

1 Answers1

0

HTTPs negotiation happens before any HTTP response header is sent (including the HTTP status code and the Location header).

This means that, in order to redirect the https version, Network Solution should install your domain certificate and configure their server to listen to the port 443.

I don't see any mention about this feature, it looks like they provide a simple redirector service available at that IP address but this means you are not able to redirect the HTTPS version of your root domain to the www hostname.

A possible solution is to point your root domain to the Heroku application (using one of the A names returned by resolving the SSL endpoint. Some DNS providers offers also a CNAME-like feature for the root domain) and then handle the redirect internally. This is the most common way to handle the root domain to www redirect for an app hosted at Heroku.

Simone Carletti
  • 1,524
  • 3
  • 15
  • 30
  • Sadly, pointing the root domain isn't an option here, because the client is also using Network Solutions to provide DNS service. NS doesn't support ALIAS or ANAME records, only regular A records, and because the site is running on Heroku, its IP address could change. The solution may be to move to a different DNS provider that's more in touch with modern web development. Sites that run on a distributed platform have different DNS requirements from those that sit on a single server. – Lonnon Foster Jan 14 '14 at 00:16