1
votes

I know how to set up HTTPS for, say, a Clojure web app with nginx. How do I do that for Phoenix? In prod.exs I have this:

config :my_app, MyApp.Endpoint,
  url: [host: "my_website.com", port: 443],
  http: [port: 4000],
#  https: [port: 443,
#          keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"),
#          certfile: System.get_env("SOME_APP_SSL_CERT_PATH")],

  cache_static_manifest: "priv/static/manifest.json"

I have this:

ssl_certificate     /etc/letsencrypt/live/my_app.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my_app.com/privkey.pem;

I want to use nginx with Phoenix as well.

1) Should I remove "http: [port: 4000]," completely from "prod.exs"?

2) Should I instead uncomment "https: [port: 443,...."? Or should I have them both? I don't want the website to be accessible at http, or I'd let nginx take care of it by redirecting a user from http to https.

3) Or should I remove https and http and let nginx handle that?

4) How about the key "url" and its "port"?

2 Answers

7
votes

If you are using Nginx to terminate the SSL part of the connection, then you leave the app server configured for HTTP and any port you like (4000 is fine as long as you configure Nginx to forward to it). If your server is configured correctly, it will not answer HTTP port 4000 requests, thus the SSL cannot be bypassed.

The SSL configuration you are referring to at the app server level configures the app server to terminate the SSL connection (no Nginx necessary). Phoenix apps are all "full featured" web servers thanks to cowboy. Thus, they can handle the SSL termination as well as serving the application's dynamic and static assets.

The URL configuration is so your application knows its domain and can generate full URLs as well as paths.

2
votes

If you're set on using nginx in front of your Phoenix app then use nginx to terminate the ssl connection (your option 3). You still need to configure http in Phoenix though since nginx will proxy to your app using http. Therefore:

config :my_app, MyApp.Endpoint,
  url: [host: "my_website.com", port: 4000],
  http: [port: 4000]

This assumes you will configure nginx to proxy to your app on port 4000. You will also want to adjust the host config key to be the base URL of your site, since any URLs you generate will use this base name (as Jason mentioned).
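
The nginx-terminates-TLS setup discussed in the answers above, as an added example that is not part of either answer or of the Phoenix project. It assumes nginx runs on the same host as the app; the loopback bind, the public `url` scheme and port, the `force_ssl` entry and the nginx block in the comments are choices made for this example.

```elixir
# config/prod.exs (added example; adjust names and paths to your deployment)
import Config   # older projects of this era start with `use Mix.Config` instead

config :my_app, MyApp.Endpoint,
  # Used only for URL generation: describe the address users see, which is
  # the nginx listener, not the internal port.
  url: [scheme: "https", host: "my_website.com", port: 443],

  # Plain HTTP, bound to loopback so that only the local nginx can reach it.
  # Without the ip option the listener accepts connections on every
  # interface, and port 4000 then has to be closed by a firewall instead.
  http: [ip: {127, 0, 0, 1}, port: 4000],

  # Plug.SSL: redirect to https and send HSTS. rewrite_on makes it trust the
  # X-Forwarded-Proto header set by nginx. Clients can forge that header,
  # which is why the app must not be reachable except through the proxy.
  force_ssl: [rewrite_on: [:x_forwarded_proto]],

  cache_static_manifest: "priv/static/manifest.json"

# Matching nginx side (assumed layout, certificate paths as in the question):
#
#   server {
#     listen 80;
#     server_name my_website.com;
#     return 301 https://$host$request_uri;
#   }
#
#   server {
#     listen 443 ssl;
#     server_name my_website.com;
#     ssl_certificate     /etc/letsencrypt/live/my_app.com/fullchain.pem;
#     ssl_certificate_key /etc/letsencrypt/live/my_app.com/privkey.pem;
#
#     location / {
#       proxy_pass http://127.0.0.1:4000;
#       proxy_set_header Host              $host;
#       proxy_set_header X-Forwarded-Proto $scheme;
#       proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
#       # Needed for Phoenix channels over WebSocket
#       proxy_http_version 1.1;
#       proxy_set_header Upgrade    $http_upgrade;
#       proxy_set_header Connection "upgrade";
#     }
#   }
```

After deploying, a connection to port 4000 from another machine should be refused, and a request to http://my_website.com should come back as a 301 to the https URL.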