2

I've developed an application with python (Django) that was using Nginx as server. the application is authenticating users with ssl client certificate, i achieved it Using nginx server and the following configuration:

location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Ssl-Authenticated $ssl_client_verify;
    proxy_set_header X-Ssl-User-Dn $ssl_client_s_dn;
    proxy_pass_header Server;
    proxy_redirect off;
    proxy_connect_timeout 10;
    proxy_read_timeout 10;
    proxy_pass http://localhost:8000/;
}

Then inside the django app i got extra headers when using SSL.

After i was done developing, I deployed my application to heroku just to find out that heroku is doing SSL Termination itself and doesn't pass certificate. Searching online gave me only to a conclusion that i cannot achieve this with heroku.

So as i see it i have few options:

  1. Find a PaaS that handles the SSL Termination AND give me headers
  2. Find a PaaS that will let me handle SSL myself in either way i need to find a new PaaS Provider
  3. Find a Provider that will give me only the SSL Termination i need then proxy_pass will send the request to my heroku site but with the extra headers..

Any recommendations of such a provider? if i can find such a provider that gives me free package while still in developing phase that's a big plus for me..

Thanks alot for helpers!

HagaiCo
  • 696
  • 5
  • 9
  • I believe you are right about SSL Termination at heroku, I believe [this answer has more details](http://stackoverflow.com/a/21486492/484127), and there are official answers on [this AWS thread](https://forums.aws.amazon.com/thread.jspa?threadID=58561). I believe you simply have to look for another host to implement it this way, or authenticate on the application layer. – tutuDajuju Jul 11 '14 at 04:17

0 Answers0