You’d probably set cowboy to listen on two ports, one for http traffic and one for https.
So something like that would probably work:

```elixir
config :hello_phoenix, HelloPhoenix.Endpoint,
  http: [port: 4000], # what cowboy binds to to listen for plain traffic
  url: [scheme: "https", host: "example.com", port: 443], # <- used only for generated urls
  https: [port: 4001] # what cowboy binds to to listen for encrypted traffic; the key, cert and cacert file options also go in this list
```
I have no idea how to configure phoenix to use DNS level ssl.
Not sure what you mean by “DNS level” (Let’s Encrypt’s DNS validation?), but all certs generated by Let’s Encrypt are the same, no matter what approach was used. So you just point cowboy to key, cert, and cacert (to which it should have read rights) and it should work.
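A preflight check for the read-rights point in the reply above, as an added example that is not part of the thread: run it as the OS user the Phoenix app runs under. The function names are hypothetical, the three file paths are passed as arguments, and the private-key permission check and key/cert match check go beyond what the reply states.

```shell
#!/bin/sh
# Added example: preflight check for the key, cert and cacert files that the
# endpoint's https: option points at. All names here are hypothetical.

# Print the group/other permission bits of a file, e.g. "r--r--" or "------".
# -L follows symlinks, so a symlinked key reports its target's mode.
group_other_bits() {
    ls -ldL "$1" | cut -c5-10
}

# check_tls_files KEY CERT CACERT
# Returns 0 when all three files exist and are readable by the current user
# and the private key grants no access to group or others.
# Prints one line per problem found.
check_tls_files() {
    key=$1 cert=$2 cacert=$3
    rc=0
    for f in "$key" "$cert" "$cacert"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f"; rc=1
        elif [ ! -r "$f" ]; then
            echo "not readable by $(id -un): $f"; rc=1
        fi
    done
    if [ -f "$key" ] && [ "$(group_other_bits "$key")" != "------" ]; then
        echo "private key is accessible to group/others: $key"; rc=1
    fi
    return $rc
}

# cert_matches_key KEY CERT
# Returns 0 when the certificate's public key equals the one derived from
# the private key, 1 on mismatch, 2 when openssl cannot parse a file.
cert_matches_key() {
    from_cert=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    from_key=$(openssl pkey -in "$1" -pubout) || return 2
    [ "$from_cert" = "$from_key" ]
}
```

Call `check_tls_files` and then `cert_matches_key` with the same paths the endpoint config uses, before starting the app.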
I had to shut down the web server (cowboy2/phx app) and remove the port forward 80 to 4000 firewall rule.
With this I can self-generate my SSL cert with certbot using this tutorial.
I’ll keep traefik.io in mind for the future. For now I’d like to keep my stack as small as possible since I’m a one-man team and kinda want to get my web app going along with as little dev ops as possible.
I also learned a bit more about prod.exs config file and a pretty neat looking web proxy traefik.