How to redirect to HTTPS with .htaccess on Heroku Cedar stack

Question

I\'m new to cloud hosting...

I\'m working on a PHP web app that\'s hosted on Heroku as a \"Cedar\" app. Heroku offers \"piggy back\" SSL to all their subdomains, so

Answer 1

After spending all day on this, I figured it out!!

The issue is eloquently summarized here.

Bottom line: Heroku sets its own custom header to indicate the ORIGINAL scheme of the traffic (before SSL terminated at the load balancer).

So THIS works in an .htaccess file on Heroku

##Force SSL 

#Normal way (in case you need to deploy to NON-heroku)
RewriteCond %{HTTPS} !=on

#Heroku way
RewriteCond %{HTTP:X-Forwarded-Proto} !https 

#If neither above conditions are met, redirect to https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

The secret sauce is the line with HTTP:X-Forwarded-Proto.

Hope this helps someone else having the same issues! At the time of writing this there is ZERO documentation on this.

Answer 2

I added one line to the great answer given above so it doesn't break my local dev environment which doesn't have SSL configured:

# If header is present in the request
RewriteCond %{HTTP:X-Forwarded-Proto} .

(Note RewriteRule is applied only if all preceeding RewriteCond's hold).

Answer 3

If heroku is not picking up your .htaccess file you might have to use a a custom application level Apache configuration as documented by heroku

Basically you'll need to add this to your profile: web: vendor/bin/heroku-php-apache2 -C apache_app.conf