Nuxt.js: SSL Redirection via Heroku

Created on 14 Jul 2017  路  22Comments  路  Source: nuxt/nuxt.js

I'm currently at a loss for the best practice in getting forced SSL redirection with Nuxt deployed to Heroku.

Is there a guide somewhere for this that I simply haven't been able to find?

This feature request is available on Nuxt.js community (#c940)
enhancement help-wanted
Source
picture natecox

Most helpful comment

@PiusNyakoojo Just update redirect-ssl to 1.1.0 and it will work!

picture pi0 on 21 Jul 2017
🎉3 👍1

All 22 comments

Hey. Can you try this: https://github.com/nuxt/hackernews/blob/master/middleware/https.js ?

pi0 picture pi0 on 14 Jul 2017

@pi0 Thanks for the reference. Unfortunately, redirect only allows for relative redirection, not absolute. When I try to use the linked snippet as middleware, I end up with a recursive loop that provides a url such as:

http://testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/https:/testapp.herokuapp.com/
natecox picture natecox on 15 Jul 2017

@natecox I'm not a Heroku app user but they may have Edge SSL redirects too. BTW for middleware redirection with absolute paths, we may use window.location = ... and req.setHeader('Location:') should test it if working or not :)

pi0 picture pi0 on 15 Jul 2017

We ran into this issue in #770 and implemented a workaround: https://github.com/nuxt/nuxt.js/issues/770#issuecomment-304126495

ydnar picture ydnar on 19 Jul 2017
👍2

I haven't had a chance to try this code out, but I did run across it a while back. Without trying to be disrespectful to the code author, the workaround there seems really hacky; which is a side effect of redirect simply not allowing absolute URLs.

If this is the _accepted_ solution I'll just go with it, but I feel like there's an opportunity to improve from the Nuxt side.

natecox picture natecox on 19 Jul 2017

For clarity, I really think that Nuxt would benefit by providing a force_ssl option to handle this automatically.

natecox picture natecox on 19 Jul 2017

Sounds promising! I haven't seen serverMiddleware anywhere, is it documented?

natecox picture natecox on 19 Jul 2017

@natecox Comment deleted as it is not handling client side conditions. I will share a demo for serverMiddleware usage.

pi0 picture pi0 on 19 Jul 2017
👍1

Sorry for delay. Was doing few tests with available redirect middlewares. Just implemented redirect-ssl which seems being compatible with heroku too. (Full supporting x-forwarded-proto). In order to register middleware you can install redirect-ssl package and adding this to nuxt.config.js: (needs nuxt 1.x)

module.exports = {
   serverMiddleware: [ 'redirect-ssl' ],
}

Please let me know if it's working with heroku. And if was not succeed don't worry as middleware system is improved a lot with next release also we may provide an easier module for SSL redirects too.

pi0 picture pi0 on 20 Jul 2017

@pi0 This seems to work fine, ssl redirection on the server is working without an issue.

I would absolutely be in favor of baking this functionality into Nuxt with a toggle flag.

natecox picture natecox on 20 Jul 2017

Happy hearing it's working. Unfortunately while many would benefit from such functionalities we cannot add everything to Nuxt core as it may get out of control soon (https serve is not in the core too) However instead we introduce a modular system which modules can be added in a on liner manner to enhance projects.

pi0 picture pi0 on 20 Jul 2017

@pi0 redirect-ssl isn't working for us.

We have installed the package:

npm install -S redirect-ssl

Placed it in nuxt.config.js:

module.exports = {
   build: {},
   // ...
   serverMiddleware: ['redirect-ssl']
}

Started the server:

npm run build && npm run start

And finally, tunneled it through ngrok:

ngrok http 3000

When we visit the ngrok url http://ourapp.ngrok.io we expect to be redirected to https://ourapp.ngrok.io. Instead, we remain on the http site.

Thank you for your help!

PiusNyakoojo picture PiusNyakoojo on 21 Jul 2017

@PiusNyakoojo I'll check ngrok soon.

pi0 picture pi0 on 21 Jul 2017

Thanks pi!

PiusNyakoojo picture PiusNyakoojo on 21 Jul 2017

@PiusNyakoojo Just update redirect-ssl to 1.1.0 and it will work!

pi0 picture pi0 on 21 Jul 2017
🎉3 👍1

Haha, incredible. Thanks pi!

PiusNyakoojo picture PiusNyakoojo on 21 Jul 2017

Hey @pi0, one last thing:

How do you disable redirect-ssl for localhost development? 馃槃

PiusNyakoojo picture PiusNyakoojo on 22 Jul 2017

Haha that was the reason i planned writing a nuxt module for easier usage. Currently you may conditionally disable that line using process.env or commenting out by hand 馃槀 Will provider module in few days.

pi0 picture pi0 on 22 Jul 2017
😄1

@PiusNyakoojo with [email protected], it's forced to only redirect in production (a.k.a. when process.env.NODE_ENV === 'production'

zzhjerry picture zzhjerry on 13 Sep 2017

@pi0 it's work! Thank you for your work

wasinr picture wasinr on 22 Nov 2017

Hello,

When i put redirect-ssl in our nuxt.config.js and try to load my page, it says redirected you too many times.

bcmdevteam picture bcmdevteam on 25 Apr 2018

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

lock[bot] picture lock[bot] on 2 Nov 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

surmon-china picture surmon-china  路  3Comments
o-alexandrov picture o-alexandrov  路  3Comments
vadimsg picture vadimsg  路  3Comments
maicong picture maicong  路  3Comments
mikekidder picture mikekidder  路  3Comments