Canonical Domain (www -> non-www with SSL)

Hi!

I have the following configuration which works great for the following domain: lxp.mydomain.com. However I need to redirect everything that comes as www.lxp.mydomain.com to lxp.mydomain.com with SSL support.

How can I configure the Endpoint to support this?

api_url="lxp.mydomain.com"

config :lxp, LxpWeb.Endpoint,
  debug_errors: true,
  http: [
    port: 80,
    protocol_options: [max_keepalive: 5_000_000]
  ],
  url: [host: api_url],
  force_ssl: [hsts: true, rewrite_on: [:x_forwarded_proto]],
  https: [
    port: 443,
    otp_app: :lxp,
    cipher_suite: :strong,
    protocol_options: [max_keepalive: 5_000_000],
    keyfile: "/etc/letsencrypt/live/" <> api_url <> "/privkey.pem",
    cacertfile: "/etc/letsencrypt/live/" <> api_url <> "/chain.pem",
    certfile: "/etc/letsencrypt/live/" <> api_url <> "/cert.pem",
    versions: [:"tlsv1.3", :"tlsv1.2"],
    honor_cipher_order: true,
    ciphers: [
      'TLS_AES_128_GCM_SHA256',
      'TLS_AES_256_GCM_SHA384',
      'TLS_CHACHA20_POLY1305_SHA256',
      'ECDHE-ECDSA-AES128-GCM-SHA256',
      'ECDHE-RSA-AES128-GCM-SHA256',
      'ECDHE-ECDSA-AES256-GCM-SHA384',
      'ECDHE-RSA-AES256-GCM-SHA384',
      'ECDHE-ECDSA-CHACHA20-POLY1305',
      'ECDHE-RSA-CHACHA20-POLY1305',
      'DHE-RSA-AES128-GCM-SHA256',
      'DHE-RSA-AES256-GCM-SHA384'
    ],
    eccs: [:x25519, :secp256r1, :secp384r1],
    secure_renegotiate: true,
    reuse_sessions: true,
    transport_options: [socket_opts: [:inet6]]
  ],
  check_origin: true,
  cache_static_manifest: "priv/static/cache_manifest.json",
  secret_key_base: secret_key_base

This library does what you are asking for:

https://hexdocs.pm/plug_canonical_host/readme.html

For example, if your CANONICAL_HOST is www.example.com but your application is accessible via both example.com and www.example.com, all traffic coming through example.com will be redirected (with a 301 HTTP status) to the matching www.example.com URL.
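
An added example, not part of the thread and not the plug_canonical_host source: a minimal plug that performs this kind of 301 redirect to a fixed canonical host. The module name LxpWeb.Plugs.CanonicalHost and its placement in the endpoint are assumptions.

```elixir
defmodule LxpWeb.Plugs.CanonicalHost do
  @moduledoc """
  Added example (hypothetical module): 301-redirects any request whose Host
  differs from the configured canonical host.

  Assumed usage, near the top of LxpWeb.Endpoint:

      plug LxpWeb.Plugs.CanonicalHost, canonical_host: "lxp.mydomain.com"
  """
  @behaviour Plug
  import Plug.Conn

  @impl true
  def init(opts), do: Keyword.fetch!(opts, :canonical_host)

  # Request already targets the canonical host: pass it through untouched.
  @impl true
  def call(%Plug.Conn{host: host} = conn, canonical) when host == canonical, do: conn

  # Any other host (e.g. www.lxp.mydomain.com): permanent redirect and stop.
  def call(conn, canonical) do
    conn
    |> put_resp_header("location", redirect_url(conn, canonical))
    |> send_resp(:moved_permanently, "")
    |> halt()
  end

  # The target is built from the fixed canonical host, never from the
  # request's Host header, so a forged Host cannot steer the redirect.
  # Path and query string are preserved; the scheme is always https.
  def redirect_url(%Plug.Conn{request_path: path, query_string: qs}, canonical) do
    query = if qs == "", do: nil, else: qs

    %URI{scheme: "https", host: canonical, path: path, query: query}
    |> URI.to_string()
  end
end
```

Because the TLS handshake completes before any redirect is sent, the certificate served on port 443 must also be valid for www.lxp.mydomain.com, or browsers will show a certificate error instead of following the redirect.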

thnx! @Exadra37
