Someone with better SSL-foo may chime in here, but I don't believe you can proxy an SSL request. That would consitute a man-in-the-middle attack. The browser would detect this, and provide a big fat warning to the user. You could terminate the SSL connection on the VPs, but then of course the VPS->Heroku connection wouldn't be encrypted.
Oren On Nov 28, 4:35 pm, Jordan Brock <[email protected]> wrote: > With the recent addition of custom domain SSL hosting on Heroku, the > possibility of moving some of my production sites over became very > real. Very real until I saw the cost of the SSL add-on that is. $1200/ > year per site is not really an option. > > However, it got a friend and I thinking: Couldn't this be worked > around with ProxyPass and ProxyPassReverse? Eg, I run a dedicated VPS > that does nothing except act as a proxy server. This server has the > SSL certificate on it, and acts as a proxy forhttps://example.heroku.com > > Is there anything inherently wrong with this approach? It's kind of > what is being done by heroku anyway for their normal hosting (eg > everything is behind a proxying server). > > It's an additional point of failure, and is a potential security risk > (in terms of someone hacking into the VPS and redirecting the > ProxyPassReverse directive). But with those caveats, is it something > that could be done? > > An example: > > http://www.example.comacts as a proxy > forhttp://example.heroku.comhttps://www.example.comacts as a proxy > forhttps://example.heroku.com > > Any thoughts? -- You received this message because you are subscribed to the Google Groups "Heroku" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/heroku?hl=en.
