HTTPS prod config on phoenix 1.2.5

Hi guys!

I need help with HTTPS deployment configuration.

I use elixir 1.4.5 & phoenix 1.2.5.

Here is my prod.exs:

config :mygame, Mygame.Endpoint,
  cache_static_manifest: "priv/static/manifest.json",
  server: true,
  url: [scheme: "https", host: "www.example", port: 443],
  http: [port: 80],
  https: [port: 443,
          otp_app: :mygame,
          keyfile: "example-path-to/privkey.pem",
          cacertfile: "example-path-to/chain.pem",
          certfile: "example-path-to/cert.pem"]

I start the server with the command:
MIX_ENV=prod PORT=80 elixir --detached -S mix phoenix.server

The result in the debug.log file is:
[info] Running Mygame.Endpoint with Cowboy using http://localhost:80
[info] Running Mygame.Endpoint with Cowboy using https://localhost:443

When I try to access my web application with http://, it works.
When I try to access my web application with https://, it does not work! And the console is illegible…

Thank you for helping me!

:wave:

What do you mean by “illegible” in this context?

15:23:41.684 [error] ** State machine #PID<0.613.0> terminating
** Last event = {{:call, {#PID<0.471.0>, #Reference<0.3110743262.3956801537.227254>}},
 {:new_user, #PID<0.465.0>}}
** When server state  = {:error, 'tls_connection:format_status/2 crashed'}
** Reason for termination = :error::function_clause
** Callback mode = :state_functions
** Stacktrace =
**  [{:tls_connection, :gen_handshake,
  [:error, {:call, {#PID<0.471.0>, #Reference<0.3110743262.3956801537.227254>}},
   {:new_user, #PID<0.465.0>},
   {{:options,
     {:keyfile, '/PROJECTNAME/code/_build/prod/lib/mygame/priv/ssl/privkey.pem',
      []}},
    {:state, :server,
     {#Reference<0.3110743262.3956801537.227241>, #PID<0.471.0>}, :gen_tcp,
     :tls_connection, :tcp, :tcp_closed, :tcp_error, 'localhost', 443,
     #Port<0.11916>,
     {:ssl_options, :tls, [{3, 3}, {3, 2}, {3, 1}], :verify_none,
      {#Function<8.51913203/3 in :ssl.handle_verify_options/2>, []},
      #Function<9.51913203/1 in :ssl.handle_verify_options/2>, false, false,
      :undefined, 1, "/PROJECTNAME/code/_build/prod/lib/mygame/priv/ssl/cert.pem",
      :undefined, "/PROJECTNAME/code/_build/prod/lib/mygame/priv/ssl/privkey.pem",
      :undefined, [], :undefined,
      "/PROJECTNAME/code/_build/prod/lib/mygame/priv/ssl/chain.pem", :undefined,
      :undefined, :undefined, :undefined, :undefined,
      [<<192, 44>>, <<192, 48>>, <<192, 36>>, <<192, 40>>, <<192, 46>>,
       <<192, ...>>, <<...>>, ...],
      #Function<2.51913203/4 in :ssl.handle_options/3>, true, 268435456, false,
      true, :infinity, false, ...},
     {:socket_options, :binary, :raw, 0, 0, false},
     %{current_read: %{beast_mitigation: :one_n_minus_one,
         cipher_state: :undefined, client_verify_data: :undefined,
         compression_state: :undefined, mac_secret: :undefined,
         secure_renegotiation: :undefined,
         security_parameters: {:security_parameters, <<0, 0>>, 0, 0, 0, 0, 0, 0,
          0, 0, 0, 0, 0, :undefined, :undefined, :undefined, :undefined},
         sequence_number: 0, server_verify_data: :undefined},
       current_write: %{beast_mitigation: :one_n_minus_one,
         cipher_state: :undefined, client_verify_data: :undefined,
         compression_state: :undefined, mac_secret: :undefined,
         secure_renegotiation: :undefined,
         security_parameters: {:security_parameters, <<0, 0>>, 0, 0, 0, 0, 0, 0,
          0, 0, 0, 0, 0, :undefined, :undefined, :undefined, :undefined},
         sequence_number: 0, server_verify_data: :undefined},
       pending_read: %{beast_mitigation: :one_n_minus_one,
         cipher_state: :undefined, client_verify_data: :undefined,
         compression_state: :undefined, mac_secret: :undefined,
         secure_renegotiation: :undefined,
         security_parameters: {:security_parameters, :undefined, 0, :undefined,
          :undefined, :undefined, :undefined, :undefined, :undefined,
          :undefined, :undefined, :undefined, :undefined, :undefined,
          :undefined, <<91, 110, ...>>, :undefined},
         server_verify_data: :undefined},
       pending_write: %{beast_mitigation: :one_n_minus_one,
         cipher_state: :undefined, client_verify_data: :undefined,
         compression_state: :undefined, mac_secret: :undefined,
         secure_renegotiation: :undefined,
         security_parameters: {:security_parameters, :undefined, 0, :undefined,
          :undefined, :undefined, :undefined, :undefined, :undefined,
          :undefined, :undefined, :undefined, :undefined, :undefined,
          :undefined, <<91, 110, ...>>, :undefined},
         server_verify_data: :undefined}}, {:protocol_buffers, [], "", "", []},
     0, :undefined, :undefined,
     {:session, :undefined, :undefined, :undefined, :undefined, :undefined,
      :undefined, :undefined, :new, :undefined, :undefined}, :undefined,
     :ssl_session_cache, :undefined, :undefined, :undefined, false, :undefined,
     {:undefined, :undefined}, :undefined, :undefined, :undefined, :undefined,
     :undefined, :undefined, :undefined, :undefined, :undefined, :undefined,
     :undefined, :undefined, "", {false, ...}, :undefined, ...}}],
  [file: 'tls_connection.erl', line: 714]},
 {:gen_statem, :call_state_function, 5, [file: 'gen_statem.erl', line: 1240]},
 {:gen_statem, :loop_event, 6, [file: 'gen_statem.erl', line: 1012]},
 {:proc_lib, :init_p_do_apply, 3, [file: 'proc_lib.erl', line: 247]}]

:+1: Great, that’s a stacktrace.

Are the paths to pem files correct? Here’s a similar issue https://bugs.erlang.org/browse/ERL-539, the cause there was an incorrect path to cacertfile.

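A pre-flight check for the failure discussed above, where both listeners start but the TLS handshake crashes because a PEM file has the wrong path or content. This is an added example, not code from the thread; the `PemCheck` module and its function names are hypothetical, and the sample inputs are constructed.

```elixir
# Added example: validate the PEM files named in the https: options before boot.
defmodule PemCheck do
  @key_types [:RSAPrivateKey, :ECPrivateKey, :DSAPrivateKey, :PrivateKeyInfo]

  # role is :cert (for certfile / cacertfile) or :key (for keyfile).
  def check_file(path, role) do
    case File.read(path) do
      {:ok, pem} -> check_pem(pem, role)
      {:error, posix} -> {:error, {:unreadable, posix}}
    end
  end

  def check_pem(pem, role) when role in [:cert, :key] do
    case :public_key.pem_decode(pem) do
      # Empty file, HTML error page, DER instead of PEM, and so on.
      [] -> {:error, :no_pem_entries}
      entries -> check_entries(entries, role)
    end
  end

  defp check_entries(entries, role) do
    allowed = if role == :cert, do: [:Certificate], else: @key_types
    wrong = for {type, _der, _enc} <- entries, not (type in allowed), do: type
    encrypted = for {_type, _der, enc} <- entries, enc != :not_encrypted, do: enc

    cond do
      wrong != [] -> {:error, {:unexpected_entry_types, wrong}}
      encrypted != [] -> {:error, :encrypted_entry_needs_password}
      role == :cert and not Enum.all?(entries, &parses_as_cert?/1) -> {:error, :malformed_certificate}
      true -> :ok
    end
  end

  # A PEM wrapper can be intact while the DER inside is truncated or corrupt.
  defp parses_as_cert?({:Certificate, der, _enc}) do
    :public_key.pkix_decode_cert(der, :otp)
    true
  rescue
    _ -> false
  end
end

# Constructed inputs: a freshly generated RSA key stands in for a key file.
key = :public_key.generate_key({:rsa, 2048, 65_537})
key_pem = :public_key.pem_encode([:public_key.pem_entry_encode(:RSAPrivateKey, key)])

IO.inspect(PemCheck.check_pem(key_pem, :key))                            # valid key
IO.inspect(PemCheck.check_pem(key_pem, :cert))                           # key where a cert is expected
IO.inspect(PemCheck.check_pem("<html>404 Not Found</html>", :cert))      # wrong file content
IO.inspect(PemCheck.check_file("example-path-to/missing.pem", :cert))    # wrong path
```

Running `check_file/2` on each path from the `https:` options surfaces a bad path or bad content as a short error tuple instead of a `tls_connection` crash on the first client connection.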

Thx a lot!
It was a content file issue!

Now,
what is the best way to force users to use the HTTPS URL?

When I access my website, it's HTTP by default and not HTTPS.

Thanks!

https://hexdocs.pm/phoenix/endpoint.html#force-ssl

Perfect :wink:
I forgot to compile my modifications…
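The setting described at the linked guide, applied to the endpoint config from the first post. This is an added example, not code from the thread; the paths and host are the placeholders the original poster used, and `hsts: true` is one choice among the options `force_ssl` forwards to `Plug.SSL`.

```elixir
# config/prod.exs
use Mix.Config

config :mygame, Mygame.Endpoint,
  cache_static_manifest: "priv/static/manifest.json",
  server: true,
  # Redirects are built from this host, so it must be the public HTTPS name.
  url: [scheme: "https", host: "www.example", port: 443],
  # Keep the plain listener: with force_ssl it only answers with redirects.
  http: [port: 80],
  # Forwarded to Plug.SSL. Requests arriving over http:// are redirected to
  # https://, and hsts: true adds a Strict-Transport-Security header to HTTPS
  # responses so browsers go straight to HTTPS on later visits.
  force_ssl: [hsts: true],
  https: [port: 443,
          otp_app: :mygame,
          keyfile: "example-path-to/privkey.pem",
          cacertfile: "example-path-to/chain.pem",
          certfile: "example-path-to/cert.pem"]
```

As the last post found, the change only takes effect once the project has been recompiled and the server restarted.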