Poogy

Reputation: 2777

Connect cloudflare to heroku with Full SSL

I have a Heroku app with a free account. I also have a free account in Cloudflare.

I am trying to connect them with a Full SSL connection. In cloudflare, I see the following state:

However, I can't access my website with a secure connection. I am getting an error 525.

I think the problem is with the settings in Heroku but I can't find much information online...

Any suggestions?

Upvotes: 9

Views: 3965

Answers (4)

Johannes Alexander

Reputation: 323

These days you have to follow this document: https://support.cloudflare.com/hc/en-us/articles/205893698-Configure-Cloudflare-and-Heroku-over-HTTPS

I encountered the same thing and just recently set this SSL for Cloudflare to Heroku. This is what I had to do.

  1. Add your domain in Heroku. For this example I'll say my domain is test.com. In Heroku, each domain will give you some random herokudns domain value for your domain used. You will need www and @ domain added. So in Heroku you should see www.test.com and test.com, each one corresponding to one of Heroku's herokudns domains.

  2. Add the CNAMEs into Cloudflare and use the herokudns domains you were provided

    CNAME www heroku-domain-given1

    CNAME @ heroku-domain-given2

  3. Create origin certs in Cloudflare and upload these into Heroku under their SSL settings. Make sure you do not pick the enable ACM but the upload manual cert setting. This is how the SSL handshake is verified between Cloudflare and Heroku. Reference: Workaround for Heroku no longer supporting SSL behind Cloudflare ("Strict TLS in CDN not supported")?

Upvotes: 3

Vincent Liong

Reputation: 89

Use the app URL (appname.herokuapp.com) as CNAME value instead of the domain generated by Heroku.

Resource: https://help.heroku.com/GVS2BTB5/why-am-i-getting-error-525-ssl-handshake-failed-with-cloudflare-when-using-a-herokudns-com-endpoint

Upvotes: 8

Anthony

Reputation: 14309

In the Crypto settings on Cloudflare under SSL, change your value from Full SSL to Flexible

Upvotes: 7

David

Reputation: 8206

Have you tried connecting directly to the host with SSL?

Perhaps try running SSL Labs (https://www.ssllabs.com/ssltest/analyze.html?d=YOUR-DOMAIN-HERE&latest) to view which ciphers are supported, etc.

I wonder if the Cloudflare proxy to the host supports server name indication (SNI), since I presume that on the host end (Heroku) you don't have a dedicated IP.

Upvotes: 0
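
The direct-to-origin check with SNI that the last answer suggests, as an added example that is not part of any answer on this page: it connects to the origin, sends the custom domain as the SNI name, and reports whether a TLS handshake completes. `probe_origin` and `fake_origin_without_tls` are names made up here, and the local listener is a constructed stand-in so the script runs offline.

```python
import socket
import ssl
import threading


def probe_origin(connect_host, sni, port=443, timeout=5.0):
    """TLS-handshake with connect_host:port, sending `sni` as the server name.
    Pass 1 skips validation: does a handshake complete at all (the 525 step)?
    Pass 2 repeats it with normal validation against the local trust store."""
    result = {"sni": sni, "handshake_ok": False, "cert_valid": False,
              "protocol": None, "error": None}
    unverified = ssl.create_default_context()
    unverified.check_hostname = False  # diagnostic probe only, never real traffic
    unverified.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((connect_host, port), timeout=timeout) as raw:
            with unverified.wrap_socket(raw, server_hostname=sni) as tls:
                result["handshake_ok"] = True
                result["protocol"] = tls.version()
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        result["error"] = f"{type(exc).__name__}: {exc}"
        return result
    try:
        with socket.create_connection((connect_host, port), timeout=timeout) as raw:
            with ssl.create_default_context().wrap_socket(raw, server_hostname=sni):
                result["cert_valid"] = True
    except OSError as exc:
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


def fake_origin_without_tls():
    """Constructed stand-in for a broken origin: answers TLS with plain HTTP."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # swallow the ClientHello
        conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    # www.test.com is the placeholder domain from the first answer
    print(probe_origin("127.0.0.1", "www.test.com", port=fake_origin_without_tls()))
```

Against a real origin, pass the CNAME target as `connect_host` and the custom domain as `sni`. `handshake_ok` False reproduces the 525 condition, while `handshake_ok` True with `cert_valid` False is expected for a Cloudflare Origin CA certificate, which Cloudflare trusts but a local trust store does not.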
