adding documentation for forcing ssl and for nextjs (#68)

Author: niedfelj

config/nginx-nextjs-with-forcessl.conf.erb

@@ -0,0 +1,46 @@
+daemon off;
+#Heroku dynos have at least 4 cores.
+worker_processes <%= ENV['NGINX_WORKERS'] || 4 %>;
+
+events {
+	use epoll;
+	accept_mutex on;
+	worker_connections <%= ENV['NGINX_WORKER_CONNECTIONS'] || 1024 %>;
+}
+
+http {
+        gzip on;
+        gzip_comp_level 2;
+        gzip_min_length 512;
+
+	server_tokens off;
+
+	log_format l2met 'measure#nginx.service=$request_time request_id=$http_x_request_id';
+	access_log <%= ENV['NGINX_ACCESS_LOG_PATH'] || 'logs/nginx/access.log' %> l2met;
+	error_log <%= ENV['NGINX_ERROR_LOG_PATH'] || 'logs/nginx/error.log' %>;
+
+	include mime.types;
+	default_type application/octet-stream;
+	sendfile on;
+
+	#Must read the body in 5 seconds.
+	client_body_timeout 5;
+
+	server {
+		listen <%= ENV["PORT"] %>;
+		server_name _;
+		keepalive_timeout 5;
+
+		location / {
+      
+      if ($http_x_forwarded_proto != "https") {
+        return 301 https://$host$request_uri;
+      }
+
+			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+			proxy_set_header Host $http_host;
+			proxy_redirect off;
+			proxy_pass http://localhost:3000; #next serve listens here and receives nginx requests
+		}
+	}
+}

config/nginx.conf.erb

@@ -36,6 +36,11 @@ http {
 		keepalive_timeout 5;
 
 		location / {
+      # Uncomment this if statement to force SSL/redirect http -> https
+      #if ($http_x_forwarded_proto != "https") {
+      #  return 301 https://$host$request_uri;
+      #}
+
 			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 			proxy_set_header Host $http_host;
 			proxy_redirect off;

readme.md

@@ -108,6 +108,16 @@ $ heroku config:set NGINX_WORKER_CONNECTIONS=2048
 
 You can provide your own NGINX config by creating a file named `nginx.conf.erb` in the config directory of your app. Start by copying the buildpack's [default config file](config/nginx.conf.erb).
 
+### Force SSL
+
+You can add a redirect/force SSL based on Heroku headers. Full, commented example in the [default config file](config/nginx.conf.erb) or in the [nextjs with forceSSL config file](config/nginx-nextjs-with-forcessl.conf.erb).
+
+```
+if ($http_x_forwarded_proto != "https") {
+  return 301 https://$host$request_uri;
+}
+```
+
 ### Customizable NGINX Compile Options
 
 This requires a clone of this repository and [Docker](https://www.docker.com/). All you need to do is have Docker setup and running on your machine. The [`Makefile`](Makefile) will take care of the rest.