DocsGuides
Apps
Endpoints
- Introduction to Endpoints
- HTTP(S) Endpoints
- ALB vs. ELB Endpoints
- Endpoint Logs
- Health Checks
- HTTP Request Headers
- HTTPS Protocols
- HTTPS Redirect
- Maintenance Page
- TLS Endpoints
- TCP Endpoints
- Default Domain
- Custom Domain
- Custom Certificate
- Managed TLS
- External Placement
- Internal Placement
- IP Filtering
- Endpoint Timeouts
Databases
Containers
Stacks
CLI
- Aptible CLI
- aptible apps
- aptible apps:create
- aptible apps:deprovision
- aptible apps:rename
- aptible apps:scale
- aptible backup:list
- aptible backup:orphaned
- aptible backup:purge
- aptible backup:restore
- aptible config
- aptible config:add
- aptible config:rm
- aptible config:set
- aptible config:unset
- aptible db:backup
- aptible db:clone
- aptible db:create
- aptible db:deprovision
- aptible db:dump
- aptible db:execute
- aptible db:list
- aptible db:modify
- aptible db:reload
- aptible db:rename
- aptible db:replicate
- aptible db:restart
- aptible db:tunnel
- aptible db:url
- aptible db:versions
- aptible deploy
- aptible domains
- aptible endpoints:database:create
- aptible endpoints:database:modify
- aptible endpoints:deprovision
- aptible endpoints:https:create
- aptible endpoints:https:modify
- aptible endpoints:list
- aptible endpoints:renew
- aptible endpoints:tcp:create
- aptible endpoints:tcp:modify
- aptible endpoints:tls:create
- aptible endpoints:tls:modify
- aptible environment:ca_cert
- aptible environment:list
- aptible environment:rename
- aptible help
- aptible log_drain:create:datadog
- aptible log_drain:create:elasticsearch
- aptible log_drain:create:https
- aptible log_drain:create:logdna
- aptible log_drain:create:papertrail
- aptible log_drain:create:sumologic
- aptible log_drain:create:syslog
- aptible log_drain:deprovision
- aptible log_drain:list
- aptible login
- aptible logs
- aptible logs_from_archive
- aptible metric_drain:create:datadog
- aptible metric_drain:create:influxdb
- aptible metric_drain:create:influxdb:custom
- aptible metric_drain:deprovision
- aptible metric_drain:list
- aptible operation:cancel
- aptible operation:follow
- aptible operation:logs
- aptible rebuild
- aptible restart
- aptible services
- aptible ssh
- aptible version
Tutorials
- Application Performance Monitoring
- CI Integration
- Aptible Demo App
- Deploying Grafana
- Direct Docker Image Deploy Example
- Dockerfile Deploy Example
- Exposing a Web App to the Internet
- Using Nginx with Aptible Endpoints
- Quickstart Guides
- Setting up Logging
- Automating Database Migrations
- Dockerfile Caching
- Using Domain Apex with Endpoints
- Accepting File Uploads
- Scheduling Tasks
- Serving Static Assets
- Terraform
- How to test a PostgreSQL Database's schema on a new version
- How to dump and restore PostgreSQL
- How to upgrade PostgreSQL with logical replication
- How to upgrade Redis
- How to upgrade MongoDB
- How to use mysqldump to Test for Upgrade Incompatabilities
- How to dump and restore MySQL
Troubleshooting
- Aptible Support
- App Processing Requests Slowly
- This Application Crashed
- before_release Commands Failed
- Build Failed
- Container Failed to Start
- Certificate Signing Requests
- Deploys Take Too long
- git Reference Error
- git Push "Everything up-to-date."
- HTTP Health Checks Failed
- App Logs Not Being Received
- PostgreSQL Replica max_connections
- Connecting to MongoDB fails
- MySQL Access Denied
- No CMD or Procfile in Image
- git Push Permission Denied
- aptible ssh Permission Denied
- PostgreSQL Incomplete Startup Packet
- PostgreSQL SSL Off
- Private Key Must Match Certificate
- aptible ssh Operation Timed Out
- SSL error ERR_CERT_AUTHORITY_INVALID
- SSL error ERR_CERT_COMMON_NAME_INVALID
- Unexpected Requests in App Logs
HTTPS Redirect
📘 Tip
Your app can detect which protocol is being used by examining a request's X-Forwarded-Proto header. See HTTP Request Headers for more information.By default, HTTP(S) Endpoints accept traffic over both HTTP and HTTPS.
To disallow HTTP and redirect traffic to HTTPS at the Endpoint level, you can set the FORCE_SSL Configuration variable to true (it must be set to the string true, not just any value).
FORCE_SSL in detail
Setting FORCE_SSL=true on an app causes 2 things to happen:
- Your HTTP(S) Endpoints will redirect all HTTP requests to HTTPS.
- Your HTTP(S) Endpoints will set the
Strict-Transport-Securityheader on responses with a max age of 1 year.
Make sure you understand the implications of setting the Strict-Transport-Security header before using this feature.
In particular, by design, clients that connect to your site and receive this header will refuse to reconnect via HTTP for up to a year after they receive the Strict-Transport-Security header.
Enabling FORCE_SSL
To set FORCE_SSL, you'll need to use the aptible config:set command.
The value must be set to the string true (e.g. setting to 1 won't work).
aptible config:set --app "$APP_HANDLE" \
"FORCE_SSL=true"HTTPS Redirect
