Skip to content

Instantly share code, notes, and snippets.

@hopewise

hopewise/.profile Secret

Created March 20, 2020 16:39
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save hopewise/3d6f011c7baafce8c828d1186931ca42 to your computer and use it in GitHub Desktop.
Save hopewise/3d6f011c7baafce8c828d1186931ca42 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
.profile
export MIX_ENV=prod
export PORT=4000
export SPORT=4001
export SSL_CERT_FILE=/etc/letsencrypt/live/ngspice.dcaclab.com/cert.pem
export SSL_CACERT_FILE=/etc/letsencrypt/live/ngspice.dcaclab.com/chain.pem
export SSL_KEY_FILE=/etc/letsencrypt/live/ngspice.dcaclab.com/privkey.pem
export SSL_DHPARAM_FILE=/etc/letsencrypt/dhparam.pem
export LC_ALL=en_US.UTF-8
Raw
before.rules
#/etc/ufw/before.rules
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 4000
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 4001
COMMIT
Raw
prod.exs
use Mix.Config
# For production, don't forget to configure the url host
# to something meaningful, Phoenix uses this information
# when generating URLs.
#
# Note we also include the path to a cache manifest
# containing the digested version of static files. This
# manifest is generated by the `mix phx.digest` task,
# which you should run after static files are built and
# before starting your production server.
config :ngspice_proxy, NgspiceProxyWeb.Endpoint,
url: [scheme: "https", host: "ngspice.dcaclab.com", port: 443],
http: [:inet6, port: System.get_env("PORT") || 4000],
https: [
:inet6,
port: System.get_env("SPORT") || 4001,
otp_app: :ngspice_proxy,
cipher_suite: :strong,
keyfile: System.get_env("SSL_KEY_FILE"),
certfile: System.get_env("SSL_CERT_FILE"),
cacertfile: System.get_env("SSL_CACERT_FILE"),
dhfile: System.get_env("SSL_DHPARAM_FILE")
],
cache_static_manifest: "priv/static/cache_manifest.json",
server: true,
code_reloader: false
#config :ngspice_proxy, NgspiceProxyWeb.Endpoint,
# http: [:inet6, port: System.get_env("PORT") || 4000],
# url: [host: "ngspice_proxy.dcaclab.com", port: 80],
# cache_static_manifest: "priv/static/cache_manifest.json",
# server: true,
# code_reloader: false
# Do not print debug messages in production
config :logger, level: :info
# ## SSL Support
#
# To get SSL working, you will need to add the `https` key
# to the previous section and set your `:url` port to 443:
#
# config :ngspice_proxy, NgspiceProxyWeb.Endpoint,
# ...
# url: [host: "example.com", port: 443],
# https: [
# :inet6,
# port: 443,
# cipher_suite: :strong,
# keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"),
# certfile: System.get_env("SOME_APP_SSL_CERT_PATH")
# ]
#
# The `cipher_suite` is set to `:strong` to support only the
# latest and more secure SSL ciphers. This means old browsers
# and clients may not be supported. You can set it to
# `:compatible` for wider support.
#
# `:keyfile` and `:certfile` expect an absolute path to the key
# and cert in disk or a relative path inside priv, for example
# "priv/ssl/server.key". For all supported SSL configuration
# options, see https://hexdocs.pm/plug/Plug.SSL.html#configure/1
#
# We also recommend setting `force_ssl` in your endpoint, ensuring
# no data is ever sent via http, always redirecting to https:
#
# config :ngspice_proxy, NgspiceProxyWeb.Endpoint,
# force_ssl: [hsts: true]
#
# Check `Plug.SSL` for all available options in `force_ssl`.
# ## Using releases (Elixir v1.9+)
#
# If you are doing OTP releases, you need to instruct Phoenix
# to start each relevant endpoint:
#
config :phoenix, :serve_endpoints, true
#
# Then you can assemble a release by calling `mix release`.
# See `mix help release` for more information.
# Finally import the config/prod.secret.exs which loads secrets
# and configuration from environment variables.
import_config "prod.secret.exs"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment