Mastodon: LOCAL_HTTPS does not work with custom domain and Heroku

Created on 6 Apr 2017 · 6 Comments · Source: tootsuite/mastodon

So, I tried fiddling around with Heroku, custom domains and HTTPS for quite a while now, and I'm currently stuck at the last little thing that makes this a bit of a pain for my custom instance.

The first scenario is that LOCAL_HTTPS is causing an endless redirect loop. I've read about this on here and how to get around it, but I found no way of setting this with the instance that can be automatically deployed to Heroku.

The other way I tried getting this to work is disabling LOCAL_HTTPS but having HTTPS and redirects from my DNS setup and Heroku themselves. This works fine for most of the stuff, I can even properly federate, the only downside of this is that the websockets connection is not over WSS (so, to see new stuff I have to manually reload).

Sounds really stupid, but I've been sitting around with this for a few hours now, and I'm really close to solving this. So, if anyone got stuff on Heroku working this way, I'd be glad for any tips on how you did this!


  • [x] I searched or browsed the repo's other issues to ensure this is not a duplicate.

All 6 comments

I'm running into the same issues. I followed the Heroku setup guide and set Cloudflare to flexible SSL, but setting LOCAL_HTTPS to true causes redirect loops.

@pixeldesu Also would issue https://github.com/tootsuite/mastodon/issues/1126 possibly be caused by the websocket issues you mentioned?

@Spunkie I gave up on hosting on Heroku, as the files are not kept updated to reflect what is needed for Heroku to properly run it.

You need another dyno (or spawn inside a child process of the Rails app) for the Streaming websocket, I added this with just appending

streaming: npm run start

to the Procfile, which...adds another dyno, but was the easiest way I wanted to work with.

After that you need to fix the way the streaming/index.js is pulling the Redis credentials. You can change the 4 lines trying to get the Redis credentials from the environment into

const redisClient = redis.createClient(process.env.REDIS_URL)

and connecting to Redis should work fine.

The only problem I had after this was that the streaming API (/api/v1/streaming/...) is caught by Rails and only returns 404s. I found no way to solve this and then pretty much gave up on it.


I managed to fix the redirects with LOCAL_HTTPS after dropping Cloudflare and just linking from the domain provider's DNS, because they support ALIAS records and all that. You need a CNAME for @ pointing to your.url.herokudns.com and a URL redirect record for @ to redirect to https://your.url (this is a Heroku thing, because Heroku by default points to www.your.url).

You then need to edit config/environments/production.rb and add another header to the bottom of the file (the object config.action_dispatch.default_headers)

'X-Forwarded-Protocol'       => 'https'

With this, you are telling Rails that the default protocol is https and it will not try to redirect you there all the time.


This is pretty much all I've got on the issues. Loading assets from other instances and federation worked fine for me after SSL/TLS was properly set up.
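
The redirect loop discussed in this thread, modelled as an added example (not code from Mastodon, Rails or any commenter). It assumes the app redirects to HTTPS unless the X-Forwarded-Proto it receives is https, and that a hop marked `rewrites` overwrites that header with the scheme it was reached on; the hop names and topologies are constructed.

```ruby
# Simplified model (an assumption, not Mastodon or Rails source): the app
# answers with a redirect to https:// unless X-Forwarded-Proto says "https".
# Each hop records the scheme it uses towards the next hop (:upstream) and
# whether it overwrites X-Forwarded-Proto (:rewrites).

# Return the X-Forwarded-Proto value the app ends up seeing.
def forwarded_proto_at_app(client_scheme, hops)
  incoming = client_scheme     # scheme of the connection arriving at this hop
  header = nil                 # X-Forwarded-Proto carried so far
  hops.each do |hop|
    # A rewriting hop records the scheme it was reached on; a non-rewriting
    # hop only sets the header when none is present yet.
    header = incoming if hop[:rewrites] || header.nil?
    incoming = hop[:upstream]  # scheme used towards the next hop
  end
  header
end

# Follow the app's redirects as a browser would; report :ok or :redirect_loop.
def outcome(hops, start_scheme: "http", max_redirects: 5)
  scheme = start_scheme
  (max_redirects + 1).times do
    return :ok if forwarded_proto_at_app(scheme, hops) == "https"
    scheme = "https"           # app redirected to https://, browser retries
  end
  :redirect_loop
end

# Constructed topologies.
# TLS ends at the CDN proxy, plain HTTP from there to the platform router.
FLEXIBLE_PROXY = [
  { name: "cdn proxy",       upstream: "http", rewrites: true },
  { name: "platform router", upstream: "http", rewrites: true }
].freeze

# The CDN proxy re-encrypts towards the platform router.
FULL_TLS_PROXY = [
  { name: "cdn proxy",       upstream: "https", rewrites: true },
  { name: "platform router", upstream: "http",  rewrites: true }
].freeze

# No CDN: the browser's TLS connection ends at the platform router itself.
TLS_AT_ROUTER = [
  { name: "platform router", upstream: "http", rewrites: true }
].freeze
```

In the first topology the last hop always reports http to the app, so every HTTPS retry is redirected again; the other two report https after the first redirect and the request goes through.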

I updated the Heroku docs recently to reflect that you no longer need to use Cloudflare to get SSL support on Heroku -- they recently added (free!) support for Let's Encrypt certs which you can add to your Heroku instance and not bother with the proxying approach.

So you'd have:

  • Auto renewed certs turned on with your Heroku app
  • The LOCAL_HTTPS value set to true
  • Your DNS pointing at your.hostname.com.herokudns.com (per the auto renew feature instructions)

@mjankowski as I understand this only works for paid dynos right? At least I'm not seeing where in the settings it would allow me to set up https on my free dyno.

Yes, that's correct ... if you have any paid dynos, the ssl auto renew option is free. If you don't have paid dynos, it's not available.

@pixeldesu sounds like you've gotten this resolved, I'm going to close the issue. Feel free to re-open if that's not the case.
