Your app can detect which protocol is being used by examining a request’s X-Forwarded-Proto header. See HTTP Request Headers for more information.
By default, HTTP(S) Endpoints accept traffic over both HTTP and HTTPS. To disallow HTTP and redirect traffic to HTTPS, enable Force SSL on the endpoint. This is an endpoint setting configured per endpoint, so each HTTP(S) endpoint on the same app can have independent behavior.

Force SSL in detail

Enabling Force SSL on an endpoint causes 2 things to happen:
  • Your HTTP(S) Endpoints will redirect all HTTP requests to HTTPS.
  • Your HTTP(S) Endpoints will set the Strict-Transport-Security header on responses with a max-age of 1 year.
Make sure you understand the implications of setting the Strict-Transport-Security header before using this feature. In particular, by design, clients that connect to your site and receive this header will refuse to reconnect via HTTP for up to a year after they receive the Strict-Transport-Security header.

Enabling Force SSL

Enable or disable Force SSL directly on each endpoint:
# Enable
aptible endpoints:https:modify --app "$APP_HANDLE" "$ENDPOINT_HOSTNAME" --force-ssl

# Disable
aptible endpoints:https:modify --app "$APP_HANDLE" "$ENDPOINT_HOSTNAME" --no-force-ssl
In Terraform, set force_ssl = true on the aptible_endpoint resource. You can also toggle this in the Aptible Dashboard on the endpoint’s configuration page.
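To confirm both Force SSL behaviors after enabling it, the following added example (not part of Aptible's documentation or tooling) checks captured `curl -sI` response headers for the HTTPS redirect and the one-year Strict-Transport-Security max-age. The function names, the sample headers, the accepted redirect status codes, and the 31536000-second reading of "1 year" are assumptions of this example.

```shell
# Added example: checks over captured response headers, runnable offline.
# Assumption: "1 year" means 31536000 seconds (365 days).
ONE_YEAR=31536000

# Constructed sample: reply to a plain-HTTP request with Force SSL enabled.
SAMPLE_HTTP='HTTP/1.1 301 Moved Permanently
Location: https://app.example.com/
'
# Constructed sample: reply to an HTTPS request (HTTP/2 lowercases header names).
SAMPLE_HTTPS='HTTP/2 200
strict-transport-security: max-age=31536000
'
# Constructed sample: reply from an endpoint without Force SSL.
SAMPLE_PLAIN='HTTP/1.1 200 OK
Content-Type: text/html
'

# Succeeds if the status is a redirect (assumed 301/302/307/308, the page
# does not say which) and the Location header is an https:// URL.
redirects_to_https() {
  printf '%s\n' "$1" | tr -d '\r' | awk '
    NR == 1 && $2 ~ /^30[1278]$/ { redirect = 1 }
    tolower($1) == "location:" && tolower($2) ~ /^https:\/\// { https = 1 }
    END { exit !(redirect && https) }'
}

# Prints the HSTS max-age in seconds, or nothing if the header is absent.
hsts_max_age() {
  printf '%s\n' "$1" | tr -d '\r' | awk '
    tolower($0) ~ /^strict-transport-security:/ {
      line = tolower($0)
      if (match(line, /max-age="?[0-9]+/)) {
        v = substr(line, RSTART, RLENGTH); gsub(/[^0-9]/, "", v); print v; exit
      }
    }'
}

# $1 = headers from the http:// request, $2 = headers from the https:// request.
force_ssl_ok() {
  redirects_to_https "$1" || { echo "no HTTPS redirect"; return 1; }
  age=$(hsts_max_age "$2")
  [ -n "$age" ] || { echo "no HSTS header"; return 1; }
  [ "$age" -ge "$ONE_YEAR" ] || { echo "HSTS max-age too short: $age"; return 1; }
  echo "ok"
}

# Live use (not run here):
# force_ssl_ok "$(curl -sI "http://$ENDPOINT_HOSTNAME/")" "$(curl -sI "https://$ENDPOINT_HOSTNAME/")"
```

Running the same check before enabling Force SSL on a production hostname shows whether any HTTP-only clients would be affected by the redirect and the year-long HSTS pin.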
Migrating from environment variables: FORCE_SSL was previously set as an app configuration variable. Once your endpoints are configured with the desired setting, unset it from your app using aptible config:unset