DEV Community

Pacharapol Withayasakpunt
Pacharapol Withayasakpunt

Posted on

SSL for custom domain on free-tier Heroku can be done with proper Cloudflare settings

In short, you don't need an SSL certicate on Heroku at all, but

Cloudflare settings need to be

  • SSL/TLS encryption mode is Flexible.
  • Page Rules. You can only set 3 for free for a given domain name.
    • *.your.tld/*
      • Always Use HTTPS

It is related to this post, where he uses WordPress (and the correlated MySQL / AWS S3.)

I am going to ditch Google Cloud Run for Heroku for now. I still get full power of Docker, with no problem of custom domain mapping (and avoid some meager payment, not free).

This website, with CORS-enabled public OpenAPI, actually. (Some other securities I put in are Helmet and Rate-Limiting, as well as database user being read-only.)

GitHub logo patarapolw / jpapi

An OpenAPI for Japanese with CORS enabled with full MongoDB query language

Top comments (1)

irvan profile image
Irvan Fauziansyah

Thanks dude, you really saved my day! After hours of setting up custom domain and SSL, I was almost frustrated to find this message from my last hope.

▸ You need to be running on either Hobby or Professional dynos to be able to use SNI SSL.
Enter fullscreen mode Exit fullscreen mode