Hi guys,
thanks for noticing. This is a big PitA at the moment and we want to solve it asap. I tried to make an explanation on what I believe is the root of the problem in a bug thread here:
https://forums.factorio.com/forum/vie ... &t=81#p318.
The problem is really complicated (as the DNS itself) and to be honest I have only a very limited idea of what is wrong and what should have been done.
That said, I would really appreciate any Heroku / DNS / SSL guru out here (there) to step up and tell us what exactly we are doing wrong. I am happy to provide very specific details on the setup to someone who understands these sorts of things.
Here is my take on how things are. I have like 10 mins to write this and limited knowledge, so most probably there will be mistakes. Don't hesitate to point them out! Here goes:
1) The webpage is a separate project from the forums + wiki. They have separate domains, are written using separate frameworks and are hosted on separate providers. Later on I will talk only about the webpage, as the forums and wiki are done using standard PHP applications and are hosted by kovarex.
2) We are using a PaaS called Heroku. They are great and I believe that has been a good choice. They should allow us to scale effortlessly. However this is not based on my personal experience (Factorio is my first project over there). So I am still learning and the mistakes are bound to come.
Sorry.
3) The (relevant) setup here is: Heroku + Zerigo DNS + SSL endpoint (there is much more, but this is connected straight to the problem in question here).
4) Handling the domains on Heroku is both clever and complicated (at least to me - pretty much zero SSL and DNS knowledge). AFAIK a Heroku app is bound to a single domain - I think that is why the HTTP lookup by the IP address shows rubbish (not rubbish but a Heroku page which can't resolve the project name because there was no readable HTTP host specified). The naked domain (factorio.com - no www) has to (standard?) point to an IP address though. That is a problem when scaling or protection from DDoS has to be done on the Heroku side (if they abandon the IP then the site would seem to be off).
This is where the clever part comes in. They are using a plugin called Zerigo DNS which (from my understanding) acts like a DNS proxy. I provided CNAME for http://www.factorio.com and they have pointed it to some of their generated domains. This way they can swap the IPs behind without affecting the site visibility to the user.
All is good except for when the user types in factorio.com (naked domain - no www) directly into the browser. In that case if the standard Heroku IP doesn't work there is a problem. This is mitigated by the fact that it works most of the time and that we always try to give links in the form of http://www.factorio.com. And on top of that there is a 301 redirect from factorio.com to http://www.factorio.com.
So far so good, however then there is an SSL endpoint as well. This includes some further DNS magic by providing a "virtual" domain associated with the SSL endpoint which we gave the DNS provider (Zerigo DNS) as a CNAME for http://www.factorio.com. My attempts at understanding how the whole thing works pretty much end here. Mind boggling. Dark Magic. 1s and 0s.
5) I sent the guys from Heroku a very long email in which I have explained our situation and asked them for any help / advice they could have. Hope they will help us to resolve this.
I don't want to drastically change the setup (at least for now). Heroku / DB / code everything stays. However I will consider digging (not literally) into the DNS settings whenever I get time. Maybe there is a better solution than dark magic (for me) which I described above.
If you have sufficient knowledge in this area I will appreciate any help.
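
An added example, not part of the original post: a small linter for the apex/www record layout described above, run over a constructed zone. `example.com` and the provider hostname are placeholders, and the finding codes are hypothetical names chosen here.

```python
# Constructed sample zone: example.com stands in for the site's domain and
# the CNAME target is a made-up provider hostname.
ZONE = """\
example.com.      300 IN A     192.0.2.10
www.example.com.  300 IN CNAME endpoint-1234.provider.example.net.
shop.example.com. 300 IN CNAME example.com.
shop.example.com. 300 IN TXT   "v=spf1 -all"
"""

def parse_zone(text):
    """Parse 'name ttl IN type value' lines into (name, type, value) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # skip blanks and comment lines
            continue
        name, _ttl, _cls, rtype, value = line.split(None, 4)
        records.append((name.lower(), rtype.upper(), value.strip()))
    return records

def lint(records, apex):
    """Return (name, code) findings for the naked-domain / www layout."""
    apex = apex.lower()
    by_name = {}
    for name, rtype, value in records:
        by_name.setdefault(name, []).append((rtype, value))
    findings = []
    for name, rrs in by_name.items():
        types = {t for t, _ in rrs}
        # A CNAME may not coexist with other data, and the apex always
        # carries SOA and NS records, so a CNAME there is never valid.
        if "CNAME" in types and name == apex:
            findings.append((name, "cname-at-apex"))
        elif "CNAME" in types and len(types) > 1:
            findings.append((name, "cname-with-other-data"))
        # The post's concern: the naked domain is tied to one fixed address,
        # so it goes dark if the provider stops serving that address.
        if name == apex and types & {"A", "AAAA"}:
            findings.append((name, "apex-pinned-to-ip"))
        # www should follow the provider's hostname rather than a fixed IP.
        if name == "www." + apex and "CNAME" not in types:
            findings.append((name, "www-not-cname"))
    return findings

if __name__ == "__main__":
    for name, code in lint(parse_zone(ZONE), "example.com."):
        print(f"{name}: {code}")
```
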