# Setting up a Domain with Heroku and Route 53
Heroku is still an easy place to deploy web apps and background services. However, setting up a custom domain that works with TLS is a bit of a challenge. There are a few approaches, and the process can take a lot of time due to domain verification and DNS propagation. It does not help that there is little information on how to do this in a way that works for all cases.
I am making the assumption that you purchased your domain through Route 53, and that you intend to use AWS ACM to issue the certificate.
You should not need to make any changes on Heroku's side. All of the configuration will be in AWS.
We will:
* Use ACM to request and receive a TLS certificate
* Use CloudFront to route Internet traffic to our app, and handle route aliases and TLS for us
* Use Route 53 to set up the rules DNS will use to direct requests to CloudFront
## AWS ACM
We will use AWS Certificate Manager (ACM) to create our TLS certificate.
First, log into AWS.
Visit AWS Certificate Manager (ACM).
Request a new certificate.
Add both `www.example-app.com` and `example-app.com` as "Fully qualified domain names". Use DNS validation.
Click Request.
In ACM, click "List certificates" and find your new certificate request. Click the "Certificate ID" for the certificate request.
Click "Create records in Route 53".
Wait for the certificate request to be approved.
## AWS CloudFront
We will use CloudFront to route traffic to our site on Heroku. It will also handle `https://` URLs, with or without the `www.` prefix.
Visit AWS CloudFront.
Create a new distribution.
* For the "Origin domain", paste in your Heroku URL, such as `http://example-app-f630cb356eb5.herokuapp.com/`.
* Set the protocol to "Match viewer".
* For "Allowed HTTP methods", choose "GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE".
* You may choose to enable WAF or not.
* Add both `example-app.com` and `www.example-app.com` to your "Alternate domain name (CNAME)".
* Attach your "Custom SSL certificate".
* Set the "Viewer protocol policy" to "Redirect HTTP to HTTPS".
Create your distribution.
Make a note of your "Distribution domain name".
## Route 53
Finally, we need to update the records in Route 53 so that traffic to your domain name is directed to CloudFront, and then to Heroku.
Visit Route 53.
Visit "Hosted zones" and click "Create hosted zone".
"Domain name" should be `example-app.com`.
Visit "Hosted zones" and click on the "Hosted zone name" for your new hosted zone.
You will need to add two records:
* First record
  * "Record name" should be just `example-app.com`
  * "Record type" should be `A`
  * "Value" should be your "Distribution domain name" from earlier
* Second record
  * "Record name" should be just `www.example-app.com`
  * "Record type" should be `A`
  * "Alias" should be enabled
  * Change the "Route traffic to" dropdown to read "Alias to another record in this hosted zone", and the subsequent dropdown to read `example-app.com.` (note the period)
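
The two records above expressed as a Route 53 change batch, as an added example that is not part of the original post. It assumes the apex record is created as an alias, since that is how Route 53 lets an `A` record point at a CloudFront distribution name; the distribution domain and hosted zone ID are constructed placeholders, and the function names are hypothetical.

```python
import json

# Fixed hosted zone ID that Route 53 uses for every CloudFront alias target.
CLOUDFRONT_ZONE_ID = "Z2FDTNDATAQYW2"


def fqdn(name):
    """Return the name lower-cased with exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def alias_record(name, target, target_zone_id):
    """One UPSERT change for an alias A record."""
    return {
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": fqdn(name),
            "Type": "A",
            "AliasTarget": {
                "HostedZoneId": target_zone_id,
                "DNSName": fqdn(target),
                "EvaluateTargetHealth": False,
            },
        },
    }


def build_change_batch(apex, distribution_domain, hosted_zone_id):
    """Apex -> CloudFront, www -> apex record in the same hosted zone."""
    if not fqdn(distribution_domain).endswith(".cloudfront.net."):
        raise ValueError("expected a CloudFront distribution domain name")
    if fqdn(apex).startswith("www."):
        raise ValueError("pass the apex name without the www. prefix")
    return {
        "Comment": "Point apex and www at CloudFront",
        "Changes": [
            alias_record(apex, distribution_domain, CLOUDFRONT_ZONE_ID),
            alias_record("www." + fqdn(apex), apex, hosted_zone_id),
        ],
    }


if __name__ == "__main__":
    # Constructed sample values; substitute your own distribution and zone.
    batch = build_change_batch(
        "example-app.com", "d111111abcdef8.cloudfront.net", "Z0000000EXAMPLE"
    )
    print(json.dumps(batch, indent=2))
```

The printed JSON can be saved to a file and applied with `aws route53 change-resource-record-sets --hosted-zone-id <your zone ID> --change-batch file://batch.json`.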
## Conclusion
Wait a little bit.
Depending on your settings, the following URLs should work:
* `https://example-app.com`
* `https://www.example-app.com`
If you chose to permit non-TLS traffic, then the following should also work:
* `http://example-app.com`
* `http://www.example-app.com`
## References
* [Amazon AWS: Routing traffic to an Amazon CloudFront distribution by using your domain name](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html) explains how to set up Route 53 so that your domain points to CloudFront properly.
* [Amazon AWS: Using custom URLs by adding alternate domain names (CNAMEs)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html) explains how to set up CloudFront with your TLS certificate and your Route 53 domain name.
* [Amazon AWS: Working with distributions — Using various origins](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.html#concept_CustomOrigin) explains how to point CloudFront at an external site (in our case, Heroku).