我们在WPEngine网站上启用了SSL,因此每个网页都通过https提供。
我们最近在Heroku上切换到Ruby on Rails。现在,当我们使用https时,我们会出现一些错误:
max_execution_time = 1800
当我Your connection is not private
Attackers might be trying to steal your information from myapp.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
检查我的自定义域或herokuapp域时,SSL已经过验证。
curlChrome中的错误是:
curl -kvI https://myapp.herokuapp.com
# SSL certificate verify ok.
curl -kvI https://myapp.com
# SSL certificate verify ok.
在我的produ.rb中我有:
This server could not prove that it is myapp.com; its security certificate is from *.herokuapp.com. This may be caused by a misconfiguration or an attacker intercepting your connection.
答案 0 :(得分:0)
我们之前的Java应用程序遇到了同样的问题。我可能错了,但Heroku PaaS的dynos背后有云代理,默认会覆盖请求标头(在我们的例子中是从https到http)。我想你可能有兴趣检查X-Forwarded-For标题。我们的解决方案是在Procfile中明确传递请求上下文参数。
Procfile应包含类似(对于Java):
..--context-xml <contextWithHeaderOptions>..
实际context.xml:
<Context>
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" portHeader="x-forwarded-port"/>
</Context>