Reputation: 1014
How to make dokku deploy app to https connection only
I added domain to my dokku app
dokku domains:add myapp example.com
then I encrypted the app connection
dokku letsencrypt myapp
the problem is when I deployed my app it deployed to http and https connections
=====> Application deployed:
http://example.com
https://example.com
My question is how to make dokku deploy app to https connection only
The reason behind make dokku only deploy app to
httpsconnection
Because if app deploy to
httpconnection then the attacker can access my app via requestedhttpconnectionhttp://example.comusing postman (for example or other tool). An example of this case isheruko.comit is encrypted using Letsencrypt but if you try to make request using http connectionhttp://heruko.comvia postman then success response will returned.Another reason that if the
httpscertificate expires then the attacker can access my app via http connection
Upvotes: 1
Views: 413
Answers (1)
Reputation: 2060
Dokku should redirect any requests to http-URLs to the respective https-URLs. So your visitors should be protected.
It is not a problem if an attacker accesses your app using http. The only difference is that anyone between your server and the hacker could intercept and modify the request data. But your server is not less secured when the http-URL is used.
Https is only used to protect the data between your visitors and your server. It does not protect your server in any way.
Upvotes: 1
Related Questions
- Creating a Deno https server
- Cannot attach letsencrypt to dokku
- Dokku keycloak too many redirects
- How to access app on Dokku when it's deployed on dokku-ubuntu-s-1vcpu-1gb-nyc1-01?
- Route multiple SSL certificate into one application
- Enabling TLS 1.0 on Dokku
- Disabling HTTPS redirect in nginx.conf on Dokku
- How do i configure SSL with Dokku on an amazon EC2 instance?
- ssl for dokku and digital ocean
- SSL on dokku+nginx