So, have you already added server: true
and http: [port: 4013]
to your endpoint configuration?
My prod.exs
now looks like this:
config :wtmitu, WtmituWeb.Endpoint,
  load_from_system_env: false,
  url: [host: "127.0.0.1"],
  http: [ port: 4013 ],
  cache_static_manifest: "priv/static/cache_manifest.json",
  check_origin: true,
  root: ".",
  version: Mix.Project.config[:version]
config :logger, level: :info
config :phoenix, :serve_endpoints, true
import_config "prod.secret.exs"
And I have config :wtmitu, WtmituWeb.Endpoint, server: true
in prod.secret.exs
I'm building a new release now.
That is a good point, maybe try something like
http: [port: 4013]
I wish I could confirm this setting, but I don't have access to our production servers right now
I mean you are so German it physically hurts xD (speaking as a fellow German, don't worry, we are all kind of like that)
Try changing your production config to use
config :your_app, YourApp.Endpoint,
http: [port: 4013]
and remove the :url
option
This attitude of "I'm right, so no one else is"? Yes, I'm totally guilty of that
Now we understand each other!
Even though I am not sure I can agree… Unless you admit I was right first!
Trying that now.
If that does not work, try to change the :url
option to use port: 80
- it does not make sense to me, but you know…
I deployed a standalone cowboy server before, and you can not make it listen to port 80, unless it is running on root
- are you using a separate user for your app? Something like deploy
app_user
or whatever?
EDIT: You should be using a separate user, don't run your apps on root.
Yes, it's not running as root
Guys, if it's easier, I can put the app on a public GitHub repo? There's nothing private about it, other than the db config, and a sendmail key, which are in prod.secret.exs.
I really appreciate your trying to help, so am happy to do whatever I can to help you help me. Sh*t, if it comes to it, I'll give you access to the server if necessary…
Still no joy with the changes to the config suggested.
I need to pop out now for an hour, my dog's begging for her walk
Try to keep your projects obscure, even if you don't think it's not a big deal… Hackers will try to hijack your app - I would bet everything I have that your server is already under attack, if it has been online for more than 24 hours.
There are a lot of possible pitfalls, maybe we have reached the limits of a forum in terms of solutions - you can send me a message and I will try to help you, or message someone else in this thread, I am sure they will try to help as well.
There are requests in the Nginx logs that aren't from me going back to when I first set the server up yesterday morning. Maybe I should tear it down and re-build, and use a different app name. I did wonder about including the app name in a reply earlier, should have thought harder.
I will pm you when I get back, don't like messaging if not offered
Consider this an offer
EDIT: I am also active on the Discord Server, that might make things easier (communication).
LOL, no, that's pointless. Any publicly exposed interface on the net is under constant automated attack.
Yes, but it's annoying to see those thousands daily attempt to ssh in. I usually change the default sshd port, to rule out all bots trying to connect on port 22. This alone is enough to make my access.log quiet. There is also fail2ban which can help keeping the nosy scripts out. I'm far from being a network security expert, so I guess there is a lot more that could be done, like i.e. setting up ufw to start with. But this is not the topic of this thread.
That was why I thought about tearing down and re-building my server - quick thought out loud. I didn't set up ufw
until today, and as I'm definitely not a network security expert I don't know what I may have left open.
I will look into that.
Maybe not, but it's my thread so I would be happy with this sort of tangent. After all, it can't hurt.
Edit: I guess a good start, just in case, would be to change my ssh key, and replace the authorised_keys
file.
Be careful not to lock yourself out of your droplet by changing the sshd port before allowing the new one in the firewall!
Will do
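The ordering warning above (allow the new sshd port in ufw before switching sshd to it) can be checked mechanically before restarting sshd. This is an added example, not part of the original thread: the function names, port 2222 and the sample config and `ufw status` text are constructed for illustration, and rules written as application profiles (such as `OpenSSH`) are not resolved to ports.

```shell
# Added example; the config and firewall text below is constructed sample data.

# Print each port sshd will listen on, given sshd_config text on stdin.
# sshd falls back to port 22 when no Port directive is present.
sshd_ports() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
        END { if (!found) print 22 }
    '
}

# Succeed if `ufw status` text on stdin lets PORT ($1) in over IPv4 tcp.
# LIMIT counts as allowed (rate-limited); an inactive ufw filters nothing.
ufw_allows() {
    awk -v port="$1" '
        BEGIN { tcp = port "/tcp" }
        $1 == "Status:" && $2 == "inactive" { ok = 1 }
        $2 == "(v6)" { next }
        ($1 == port || $1 == tcp) && ($2 == "ALLOW" || $2 == "LIMIT") { ok = 1 }
        END { exit ok ? 0 : 1 }
    '
}

# $1 = sshd_config text, $2 = `ufw status` text; returns 1 if a port is blocked.
preflight() {
    rc=0
    for p in $(printf '%s\n' "$1" | sshd_ports); do
        if ! printf '%s\n' "$2" | ufw_allows "$p"; then
            echo "port $p is not allowed in ufw; do not restart sshd yet" >&2
            rc=1
        fi
    done
    return $rc
}

SAMPLE_SSHD='# constructed sshd_config excerpt
Port 2222
PermitRootLogin no'
SAMPLE_UFW_OLD='Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere'
SAMPLE_UFW_NEW="$SAMPLE_UFW_OLD
2222/tcp                   LIMIT       Anywhere"

preflight "$SAMPLE_SSHD" "$SAMPLE_UFW_OLD" || echo "old rules: would lock you out"
preflight "$SAMPLE_SSHD" "$SAMPLE_UFW_NEW" && echo "new rules: safe to restart sshd"
```

On a real host the two arguments would be the contents of `/etc/ssh/sshd_config` and the output of `ufw status`; keep the existing SSH session open until a second login on the new port succeeds.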