There is a way to have multiple SSL endpoints routing traffic to the same app.
An SSL endpoint works by terminating the SSL connection and injecting the unencrypted traffic back in to the normal Heroku routing layer.
You can take advantage of this by creating a new app with a new SSL endpoint to terminate the SSL connection and route the traffic to your existing app:
-
Add your domain name to your app:
$ heroku domains:add ssl.example.com -
Create a new app:
$ heroku create endpoint-for-example-com -
Add the SSL endpoint add-on ($20/mo):
$ heroku addons:create ssl:endpoint --app endpoint-for-example-com -
Add your certificate to your new app:
$ heroku certs:add server.crt bundle.pem server.key --app endpoint-for-example-com --type endpoint Resolving trust chain... done Adding SSL Endpoint to endpoint-for-example-com... done endpoint-for-example-com now served by kagawa-1482.herokussl.example.com -
Use the ssl endpoint assigned to your new app (e.g.
kagawa-1482.herokussl.example.com) as the CNAME host for the domain name you wish to secure. This is normally done in your domain’s DNS configuration.
The new app does not need any dynos, but there will be a charge of $20 / month for the SSL endpoint add-on.
Notes:
This solution is not documented by Heroku, so it’s possible that theyHeroku have confirmed that this is safe for production use.
would remove or change this behaviour in the future.- Be sure to create your endpoints in the same region as your primary app.
- It might take a while for your DNS changes to take effect.