I have no experience with Linode, or with using ufw for port forwarding, but I have a feeling your issue may be related to IPv4 vs. IPv6:
Your application is listening on the IPv6 wildcard interface, as you can see in the netstat output. But your forwarding rules for port 80 and 443 are defined in /etc/ufw/before.rules, which defines firewall rules for IPv4.
I don’t know why port 80 is working, but I would start by removing the :inet6 configuration option in your phoenix endpoint (for both http and https) and see if that helps. If it does, we can always see what it would take to reenable IPv6 (DNS does not return any IPv6 address at this time for this host, though).
Hmm. Nothing in the logs? Can you connect locally, with curl --connect-to ::localhost:4001 -k https://ngspice.dcaclab.com/ or curl --connect-to ::[::1]:4001 -k https://ngspice.dcaclab.com/?
So your environment variables are resolved at compile time, but they are only set at runtime. There are a number of ways to handle that, depending on the tooling you’re using.
How did you reach this conclusion? By keyfile: nil, certfile: nil, cacertfile: nil, dhfile: nil?
So, if I hard-coded the paths rather than depending on env vars, that might actually solve the issue…
I used edeliver to build on the server… hmm, I am not sure what to do…
I’m not familiar with edeliver, but it seems to use distillery, which does not use config/release.exs, does it? It has this page on runtime configuration, which may or may not be helpful.
I have managed to start the server in prod mode. I have hard-coded the runtime env vars, as I currently need to focus on the HTTPS itself, not runtime configuration.
Now, when I start the phoenix server, it will start:
17:48:00.459 [info] Running NgspiceProxyWeb.Endpoint with cowboy 2.6.3 at 0.0.0.0:4000 (http)
17:48:00.480 [info] Running NgspiceProxyWeb.Endpoint with cowboy 2.6.3 at 0.0.0.0:4001 (https)
17:48:00.483 [info] Access NgspiceProxyWeb.Endpoint at https://ngspice.dcaclab.com
However, I still can’t access it with https. I have tried to debug using openssl and here is what I got!
openssl s_client -connect ngspice.dcaclab.com:443 -prexit
CONNECTED(00000005)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 321 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 321 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
No TLS handshake appears to be taking place. If the connection does reach your application you should see errors in your logs. If nothing is logged, then it might be an issue with the port forwarding.
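The reading of the `openssl s_client` output above can be automated. The following Python sketch is an added example, not code from any poster in the thread; the function name `diagnose`, the verdict strings and the second sample are constructed for illustration. It separates "TCP connected but the peer never answered the ClientHello" from a completed handshake, and flags that `Verify return code: 0 (ok)` carries no meaning when no handshake was negotiated.

```python
import re

# Excerpt of the s_client output posted in the thread (no handshake took place).
THREAD_OUTPUT = """\
CONNECTED(00000005)
write:errno=0
no peer certificate available
SSL handshake has read 0 bytes and written 321 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Verify return code: 0 (ok)
"""

# Constructed sample of a completed handshake, for contrast (values are made up).
CONSTRUCTED_OK = """\
CONNECTED(00000005)
Server certificate
subject=CN = example.test
SSL handshake has read 4321 bytes and written 398 bytes
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 0 (ok)
"""

def diagnose(output):
    """Summarise what an `openssl s_client` transcript says about the handshake."""
    sizes = re.search(r"SSL handshake has read (\d+) bytes and written (\d+) bytes", output)
    cipher = re.search(r"Cipher is (\S+)", output)
    read = int(sizes.group(1)) if sizes else None
    has_cert = "no peer certificate available" not in output
    negotiated = bool(cipher) and cipher.group(1) != "(NONE)" and has_cert
    if negotiated:
        verdict = "handshake completed"
    elif read == 0:
        # TCP connected and the ClientHello was written, but the peer returned nothing.
        verdict = "no TLS response from peer"
    elif read is None:
        verdict = "no handshake summary found"
    else:
        verdict = "handshake started but did not complete"
    return {
        "verdict": verdict,
        "bytes_read": read,
        # "Verify return code: 0 (ok)" says nothing when no handshake was negotiated.
        "verify_result_meaningful": negotiated,
    }

if __name__ == "__main__":
    for name, text in (("thread", THREAD_OUTPUT), ("constructed", CONSTRUCTED_OK)):
        print(name, diagnose(text))
```

A "no TLS response from peer" verdict with nothing in the application log points at the path in front of the listener (forwarding rules, address family) rather than at the certificate files.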