2 Commits

  1. 4
      .env.example
  2. 9
      CHANGELOG.md
  3. 55
      config/prod.exs
  4. 24
      config/releases.exs
  5. 42
      lib/mirage_web/endpoint.ex
  6. 3
      mix.exs

4
.env.example

@ -1,4 +1,6 @@
SECRET_KEY_BASE=
DATABASE_URL=
PUBLIC_URL=
PORT=
PORT=
MIRAGE_KEY_PATH=
MIRAGE_CERT_PATH=

9
CHANGELOG.md

@ -5,6 +5,15 @@ See [Conventional Commits](Https://conventionalcommits.org) for commit guideline
<!-- changelog -->
## [v0.34.0](https://git.inhji.de/inhji/mirage/compare/v0.33.0...v0.34.0) (2021-02-14)
### Features:
* remove site_encrypt
## [v0.33.0](https://git.inhji.de/inhji/mirage/compare/v0.32.0...v0.33.0) (2021-02-14)

55
config/prod.exs

@ -1,55 +0,0 @@
use Mix.Config
# For production, don't forget to configure the url host
# to something meaningful, Phoenix uses this information
# when generating URLs.
#
# Note we also include the path to a cache manifest
# containing the digested version of static files. This
# manifest is generated by the `mix phx.digest` task,
# which you should run after static files are built and
# before starting your production server.
config :mirage, MirageWeb.Endpoint,
url: [host: "example.com", port: 80],
cache_static_manifest: "priv/static/cache_manifest.json",
pool_size: 2
# Do not print debug messages in production
config :logger, level: :info
# ## SSL Support
#
# To get SSL working, you will need to add the `https` key
# to the previous section and set your `:url` port to 443:
#
# config :mirage, MirageWeb.Endpoint,
# ...
# url: [host: "example.com", port: 443],
# https: [
# port: 443,
# cipher_suite: :strong,
# keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"),
# certfile: System.get_env("SOME_APP_SSL_CERT_PATH"),
# transport_options: [socket_opts: [:inet6]]
# ]
#
# The `cipher_suite` is set to `:strong` to support only the
# latest and more secure SSL ciphers. This means old browsers
# and clients may not be supported. You can set it to
# `:compatible` for wider support.
#
# `:keyfile` and `:certfile` expect an absolute path to the key
# and cert in disk or a relative path inside priv, for example
# "priv/ssl/server.key". For all supported SSL configuration
# options, see https://hexdocs.pm/plug/Plug.SSL.html#configure/1
#
# We also recommend setting `force_ssl` in your endpoint, ensuring
# no data is ever sent via http, always redirecting to https:
#
# config :mirage, MirageWeb.Endpoint,
# force_ssl: [hsts: true]
#
# Check `Plug.SSL` for all available options in `force_ssl`.
# Finally import the config/prod.secret.exs which loads secrets
# and configuration from environment variables.

24
config/releases.exs

@ -29,13 +29,37 @@ public_url =
For example: mirage.gigalixirapp.com
"""
key_path =
System.get_env("MIRAGE_KEY_PATH") ||
raise """
environment variable MIRAGE_KEY_PATH is missing.
For example: /opt/mirage/mirage.key
"""
cert_path =
System.get_env("MIRAGE_CERT_PATH") ||
raise """
environment variable MIRAGE_CERT_PATH is missing.
For example: /opt/mirage/mirage.cert
"""
config :mirage, MirageWeb.Endpoint,
http: [
port: String.to_integer(System.get_env("PORT") || "4000"),
transport_options: [socket_opts: [:inet6]]
],
https: [
port: 443,
cipher_suite: :strong,
keyfile: key_path,
certfile: cert_path,
transport_options: [socket_opts: [:inet6]]
],
force_ssl: [hsts: false],
url: [host: public_url, port: 443],
secret_key_base: secret_key_base,
cache_static_manifest: "priv/static/cache_manifest.json",
pool_size: 2,
server: true
# ## Using releases (Elixir v1.9+)

42
lib/mirage_web/endpoint.ex

@ -1,45 +1,5 @@
defmodule MirageWeb.Endpoint do
use Phoenix.Endpoint, otp_app: :mirage
use SiteEncrypt.Phoenix
@impl SiteEncrypt
def certification do
SiteEncrypt.configure(
# Note that native client is very immature. If you want a more stable behaviour, you can
# provide `:certbot` instead. Note that in this case certbot needs to be installed on the
# host machine.
client: :certbot,
domains: ["beta.inhji.de", "inhji.de"],
emails: ["johnnie@posteo.de"],
# By default the certs will be stored in tmp/site_encrypt_db, which is convenient for
# local development. Make sure that tmp folder is gitignored.
#
# Set OS env var SITE_ENCRYPT_DB on staging/production hosts to some absolute path
# outside of the deployment folder. Otherwise, the deploy may delete the db_folder,
# which will effectively remove the generated key and certificate files.
db_folder: System.get_env("SITE_ENCRYPT_DB", Path.join("tmp", "site_encrypt_db")),
# set OS env var CERT_MODE to "staging" or "production" on staging/production hosts
directory_url:
case System.get_env("CERT_MODE", "local") do
"local" -> {:internal, port: 4002}
"staging" -> "https://acme-staging-v02.api.letsencrypt.org/directory"
"production" -> "https://acme-v02.api.letsencrypt.org/directory"
end
)
end
@impl Phoenix.Endpoint
def init(_key, config) do
{:ok,
config
|> SiteEncrypt.Phoenix.configure_https(port: 4001)
|> Keyword.merge(
url: [scheme: "https", host: "localhost", port: 4001],
http: [port: 4000]
)}
end
# The session will be stored in the cookie and signed,
# this means its contents can be read but not tampered with.
@ -56,8 +16,6 @@ defmodule MirageWeb.Endpoint do
socket "/live", Phoenix.LiveView.Socket, websocket: [connect_info: [session: @session_options]]
plug Plug.SSL, exclude: [], host: "localhost:4001"
# Serve at "/" the static files from "priv/static" directory.
#
# You should set gzip to true if you are running phx.digest

3
mix.exs

@ -1,7 +1,7 @@
defmodule Mirage.MixProject do
use Mix.Project
@version "0.33.0"
@version "0.34.0"
def project do
[
@ -52,7 +52,6 @@ defmodule Mirage.MixProject do
{:phx_gen_auth, "~> 0.6", only: [:dev], runtime: false},
{:plug_cowboy, "~> 2.0"},
{:postgrex, ">= 0.0.0"},
{:site_encrypt, "~> 0.4"},
{:slugger, "~> 0.3"},
{:telemetry_metrics, "~> 0.4"},
{:telemetry_poller, "~> 0.4"},

Loading…
Cancel
Save