setup SSL for domain

[holaymolay]

ssl is working: https://www.codeclub.social/

The only problem is if someone goes to www.codeclub.social it resolves as non-https...

[holaymolay]

ssl works but not all versions of the domain (e.g. www.codeclub.social) forward to https

Here's a fantastic solution: https://stackoverflow.com/a/23977269/3170942

[craig429]

Notes on HTTPS redirection:

1. Port 3000 (or process.env.PORT)is still open for development. It is HTTP. This gets turned off in production.
2. Port 80 will redirect to port 443 using HTML code 301, which translates to: Moved Permanently. Details here: https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
3. Once the redirect is encountered by accessing port 80 your browser will cache the redirect and automatically resolve an HTTP request to an HTTPS request on future accesses. This happens in Chrome, anyway. So for testing, if you need to hit the site at the HTTP port you will need to clear your browser cache first.

Closing this issue.

[craig429]

I should also mention that the site certs key.pem and cert.pem are bogus since they haven't been signed by a CSA, so you will get "Not secure" warnings when you HTTPS to the site.

[holaymolay]

maybe I don't sufficiently understand SSL, but we are piggybacking on heroku's ssl Certificate. Also, I've not gotten the error you're talking about, that is unless the recent changes have changed that

[craig429]

That sounds right. Probably cert.pem and key.pem are not even used on the Heroku side. I need them when I run locally.

[holaymolay]

just in case: https://jaketrent.com/post/https-redirect-node-heroku/