Dokku running a Phoenix app on :80 with a nginx proxy to handle SSL. https://reapervirtual.com
When the phx_gen_auth routes generate a transactional email, the transport prefix seems to be http://
“Makes sense,” I think. After all, the prod.exs endpoint is
config :rconlive, RconliveWeb.Endpoint,
url: [host: "reapervirtual.com", port: 80]
80 == http://. Fine. So, how do I get the generated URL to come from https://?
Fiddle with the port? Perhaps it’s using the endpoint config. Nope. Setting the port to 443 tacked a port to the end of the url: http://reapervirtual.com:443/
In desperation, I set the :static_url of the endpoint. Maybe if I explicitly state https://reapervirtual.com in the :static_url of the endpoint? No. This breaks the website.
It’s not a huge deal. I automatically redirect to https, but it would look more professional, IMO, if the transport of the link matched the website.
It’s starting to get under my skin. For the life of me, I can’t see where to make this happen.
Any pointers? Am I missing something really obvious? I can’t find any relevant information in the docs.
(Apologies in advance if this has been answered elsewhere. I couldn’t find it searching the forum.)
Could you try if this what’re looking for using SSL
The endpoint has two sets of configuration: :url for url generation only, and :http for setting up where the webserver listens. So you can configure those things separately.
But also nginx should send forwarding headers (X-Forwarded-Proto), which is parsed by Plug.SSL, which phoenix includes.
See, I thought about that, but that’s for having cowboy serve ssl, and nginx is handling that for me.
Alright! Super close! Your message had me take a closer look at the :url setting. It’s under :scheme!
config :rconlive, RconliveWeb.Endpoint,
url: [host: "reapervirtual.com", port: 80, scheme: "https"]
Thanks so much for helping me rubber duck this.
That port: 80 doesn’t make sense there however, unless you want https://reapervirtual.com:80.
You’re absolutely right. In my excitement and haste, the scheme and port should be in agreement. The following solves my problem:
config :rconlive, RconliveWeb.Endpoint,
url: [host: "reapervirtual.com", port: 443, scheme: "https"]
Nginx does its thing. I don’t have to enable SSL transport in the endpoint, and Phoenix thinks everything is on SSL for URLs.
force_ssl does support reverse proxies and listening on port 80 though. That’s what those X-Forwarded-… headers are for. They tell phoenix when requests were made using https even if cowboy receives an http request. That would then make the url be https automatically instead of needing to hardcode it in config.
I was confused about that. I’ll give it a shot and see what happens.
Edit:
I clearly don’t know how to configure the force_ssl options. Each time I tried, the website breaks under infinite redirects. For now, I’m going to stick with the url: scheme method. It works for my purposes, and I’ll continue to let nginx be concerned with whether or not something is SSL.
