I have Phoenix app what still has some trouble with SSL. From https://gigalixir.readthedocs.io/en/latest/modify-app/mix.html#configuration-and-secrets I try using that config, but I observe the following behaviours:

http://myapp.com --> redirects to https://www.myapp.com  ok
http://www.myapp.com --> redirects to https://www.myapp.com ok
https://www.myapp.com --> works ok no redirect
https://myapp.com --> Potential Security Risk ahead!!!

The domain is DNSed at GoDaddy. The domain has “forwarding” to http://www.myapp.com but I am not sure what this means. I add CNAME to gigalixir for www and root domain:

gigalixir domains:add www.myapp.com
gigalixir domains:add myapp.com

But GoDaddy does not permit root level CNAME. I think this is problem?

Also I am not understanding why does the example config say port 443? Am I understanding this correctly that Gigalixir listens on PORT? So why does the example config say 443 and both http and port 443?

config :my_app, MyAppWeb.Endpoint,
  http: [port: {:system, "PORT"}], # Possibly not needed, but doesn't hurt
  url: [host: "${APP_NAME}.gigalixirapp.com", port: 443],
  secret_key_base: Map.fetch!(System.get_env(), "SECRET_KEY_BASE"),
  server: true

The DNS also uses A record, but I think this is incorrect.

Is it possible to get HTTPS for both www and root level domain with GoDaddy? Or do I need to find DNS with ALIAS feature? Is there something wrong with my config copied from example doc?

Many thanks!