

Announcing Better SSL for your Heroku App - bgentry
http://blog.heroku.com/archives/2012/5/3/announcing_better_ssl_for_your_app/

======
ccollins
"Client IP address is forwarded to application as X-Forwarded-For" is the
biggest news here.

Previously, it cost $100 per month to have access to the Client IP over SSL,
so any sort of geo-location was out of the question.

Insane prices for arbitrary things are why I left Heroku a few months ago and
decided to custom build my servers on Linode.

~~~
gemlogger
Isn't this just Heroku copying what cloudflare already has on offer?

~~~
bgentry
This is a standard HTTP Proxy header:
<https://en.wikipedia.org/wiki/X-Forwarded-For>

~~~
revelation
In fact, the "X" indicates it is not a standard header. But yes, very common
for proxies to pass on.

------
bradleyjg
Maybe Heroku can license the technology to Google, since the Google App Engine
team has seemingly been unable to launch a similar solution three years after
putting it on their roadmap.

------
trun
Here are the new features...

    
    
      - Instant provisioning
      - Client IP address is forwarded to application as X-Forwarded-For
      - Better validation of certificate files
      - Rollback of certificate changes

------
Shanewho
$20/mo for SSL is crazy.

~~~
jarcoal
It's because they have to provision an Elastic Load Balancer to sit in front
of your app. That's the only way they can acquire additional IP addresses from
AWS.

They make no money on this arrangement, they are simply passing the ELB costs
on to you.

~~~
davepeck
ELB endpoints are domain names, not IP addresses. How would ELB help them
"acquire additional IP addresses"?

~~~
ropiku
Unless you use SNI (which is only supported in some browsers) you have to have
one IP per SSL host as the certificate is sent before decoding the request.
ELB doesn't use that and must have 1 IP per hostname.

~~~
axiak
Most importantly -- any IE on Windows XP.

------
vailripper
Does this support wildcard SSL certs?

~~~
mgorsuch
It does!

