I am working on security in my application, and hence looking at SSL.
I have seen some different examples of configs for this, including using the https config field:
    https: [port: 443,
            otp_app: :blackbook,
            keyfile: Application.get_env(:blackbook, :keyfile),
            certfile: Application.get_env(:blackbook, :certfile)
    ],
(example from this post)
and other examples that have led to my current implementation:
    config :app_name, AppNameWeb.Endpoint,
      load_from_system_env: true,
      http: [:inet6, port: System.get_env("PORT") || 4000],
      force_ssl: [rewrite_on: [:x_forwarded_proto]],
      url: [
        scheme: "https",
        host: "#{APP_NAME}.gigalixirapp.com",
        port: System.get_env("PORT") || 443
      ],
      cache_static_manifest: "priv/static/cache_manifest.json",
      server: true,
      root: ".",
      secret_key_base: "${SECRET_KEY_BASE}",
      version: Application.spec(:app_name, :vsn),
      secret_key_base: System.get_env("SECRET_KEY_BASE") || raise("SECRET_KEY_BASE doesn't exist")

What are the differences between them, and is one of them more correct than the other?
I am also wondering why, in some examples, I have seen htst: true in the force_ssl?
Using Phoenix 1.4.0