In short, you don't need an SSL certicate on Heroku at all, but
Cloudflare settings need to be
- SSL/TLS encryption mode is Flexible.
- Page Rules. You can only set 3 for free for a given domain name.
-
*.your.tld/*
- Always Use HTTPS
-
It is related to this post, where he uses WordPress (and the correlated MySQL / AWS S3.)
Complete Guide To Hosting Wordpress On Heroku With SSL Certification
aryaziai ・ May 26 ・ 7 min read
I am going to ditch Google Cloud Run for Heroku for now. I still get full power of Docker, with no problem of custom domain mapping (and avoid some meager payment, not free).
This website, with CORS-enabled public OpenAPI, actually. (Some other securities I put in are Helmet and Rate-Limiting, as well as database user being read-only.)
Top comments (1)
Thanks dude, you really saved my day! After hours of setting up custom domain and SSL, I was almost frustrated to find this message from my last hope.