HTTPS hosting on the root domain

I am running my Parse application on a bare domain. Parse doesn't make my life easier.

At first I tried my best to configure it, because most DNS hosting services do not allow CNAMEs in the root domain, and Parse requires a CNAME.

I decided to try CloudFlare's CNAME flattening, and in the end it worked by setting the CNAME under [hostname key].example.com. Parse did not allow me to configure it without the hostname key, because example.com was not a real CNAME (it was transferred to an A record under the CloudFlare tree).

But I want to run my site under HTTPS, so I registered a certificate valid for "https://example.com" and "https://www.example.com".

Parse is not easy again. At first, it did not accept my certificate because the host name would not match. I thought that maybe it was trying to compare it with the certificate's subdomain (www.example.com), and that would not match my application domain (example.com).

I created another CNAME at [hostname key].www.example.com pointing to my parseapp.com URL (I didn't want to change www.domain.com because it is already pointing to another service redirecting to domain.com), changed my app name to www.example.com, and it finally accepted my certificate! Yeahhh!

I changed the application's hostname to example.com and tried to access it in the browser, but it always requires downloading and shutting down. If I change my application to work on https://www.example.com (a secure site with the www subdomain), then it works fine.

So, I can run my application at http://example.com (not protected, without www) or https://www.example.com (secure, with www).

Why is it so difficult to run an application in the root domain in Parse?

Is there something I need to do to run a secure application in the root domain?

+6
1 answer

Most web services are currently designed around the idea of CNAME: they provide you with a CNAME, and you must alias your host name to it.

However, as you noted, CNAME has certain restrictions imposed by the DNS RFC protocol, and it cannot be used to map the top domain.

Some DNS companies, such as DNSimple or DNS Made Easy, provide a type of CNAME record that can be used to map the root domain to the host name provided by the cloud service. Using these services will also simplify the configuration of the SSL certificate.

Speaking of SSL certificates, be careful that when buying a certificate with the same name for example.com or www.example.com it is valid only for this host name. Most certificate authorities will also include the appropriate apex domain if you buy www.example.com, but you need to check it with your SSL certificate provider.

Last but not least, the ability to redirect HTTP traffic to HTTPS really depends on your service provider, in this case parse.com. Unfortunately, it's not uncommon for these services to not force HTTPS. Heroku is currently doing the same thing; they do not force HTTP to HTTPS when HTTPS is enabled.

You should check with them whether there is a way to apply such a redirect, since the only way is to apply it either at the server level or at the application level. You cannot apply redirection, for example, at the DNS level.

+1
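
An added example, not part of the answer above and not Parse's or any CA's code: a check of which host names a certificate's subject alternative names (SANs) actually cover, including the case where a wildcard entry does not cover the apex. The function names and the sample SAN lists are constructed for illustration; `fetch_sans` needs network access and is not exercised by the sample run.

```python
import socket
import ssl


def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: a wildcard is allowed only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        # "*.example.com" has three labels, "example.com" two: the apex never matches
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def coverage(sans, hosts):
    """Map each host name to the SAN entries that cover it (empty list = mismatch)."""
    return {h: [s for s in sans if name_matches(s, h)] for h in hosts}


def fetch_sans(host: str, port: int = 443, timeout: float = 5.0):
    """Return the DNS names in the certificate served for `host` (needs network).

    Verification is left on, so a certificate that does not cover `host`
    raises ssl.SSLCertVerificationError instead of returning names.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    # Constructed SAN lists, not taken from any real certificate.
    samples = {
        "www only": ["www.example.com"],
        "wildcard only": ["*.example.com"],
        "www + apex": ["www.example.com", "example.com"],
    }
    for label, sans in samples.items():
        print(label, coverage(sans, ["example.com", "www.example.com"]))
```

An empty list for `example.com` means a browser visiting `https://example.com` would reject that certificate even though `https://www.example.com` validates.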

Source: https://habr.com/ru/post/975000/

