silverdr
Serving Phoenix application - rev proxy?
How do you typically serve Phoenix applications? It’s common for many envs to have a reverse proxy (pure http server) set as the “first line of defence”, typically also serving static files. Do you use this kind of setup also for Phx applications? If not then why is it not needed?
Most Liked
maz
In my Traefik setup I put the https and cert management completely on the shoulders of Traefik. The phoenix app just continues to listen on 4000 via the docker port mapping. The only unusual change on the Phoenix side was that in runtime.exs I do:
config :markably, MarkablyWeb.Endpoint,
...
# https://forum.elixirforum.com/t/remove-port-from-router-url-helpers/18780/2?u=maz
url: [host: host, scheme: "https", port: 443], # needed to avoid rendering port 4000 in routes
...
derpycoder
I used Caddy for local development.
Will deploy it someday. It’s super easy.
It automatically fetches and renews Letsencrypt certs for your main domain and subdomains.
Also, it’s 4x faster than Nginx and super simple to use.
www.derpycoder.site {
redir https://derpycoder.site permanent
}
derpycoder.site {
tls certs/caddy/cert.pem certs/caddy/key.pem // For local development I used Mkcert, remove this in Production
encode zstd gzip
reverse_proxy localhost:4000 {
header_up Host {host}
header_up Origin {host}
header_up X-Real-IP {remote}
header_up X-Forwarded-Host {host}
header_up X-Forwarded-Server {host}
header_up X-Forwarded-Port {port}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_down Access-Control-Allow-Origin https://derpycoder.site
header_down Access-Control-Allow-Credentials true
}
}
docs.derpycoder.site {
encode zstd gzip
root * doc
file_server browse
}
I can have basic-auth to protect subdomains, using Caddy Auth, if you have apps that are admin-only.
It’s really useful apart from security as well, for instance, you can do rolling or canary deployment, and Caddy will route traffic to one instance or the other.
I don’t know how to do the Active-Active load balancing using Keepalived, perhaps others have experience with that.
Hermanverschooten
I used to reverse proxy with Nginx, but lately I just serve directly from Phoenix with site_encrypt
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #elixirconf-us
- #advent-of-code
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #hex









