-
-
Save hopewise/3d6f011c7baafce8c828d1186931ca42 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
export MIX_ENV=prod | |
export PORT=4000 | |
export SPORT=4001 | |
export SSL_CERT_FILE=/etc/letsencrypt/live/ngspice.dcaclab.com/cert.pem | |
export SSL_CACERT_FILE=/etc/letsencrypt/live/ngspice.dcaclab.com/chain.pem | |
export SSL_KEY_FILE=/etc/letsencrypt/live/ngspice.dcaclab.com/privkey.pem | |
export SSL_DHPARAM_FILE=/etc/letsencrypt/dhparam.pem | |
export LC_ALL=en_US.UTF-8 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#/etc/ufw/before.rules | |
*nat | |
:PREROUTING ACCEPT [0:0] | |
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 4000 | |
COMMIT | |
*nat | |
:PREROUTING ACCEPT [0:0] | |
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 4001 | |
COMMIT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
use Mix.Config | |
# For production, don't forget to configure the url host | |
# to something meaningful, Phoenix uses this information | |
# when generating URLs. | |
# | |
# Note we also include the path to a cache manifest | |
# containing the digested version of static files. This | |
# manifest is generated by the `mix phx.digest` task, | |
# which you should run after static files are built and | |
# before starting your production server. | |
config :ngspice_proxy, NgspiceProxyWeb.Endpoint, | |
url: [scheme: "https", host: "ngspice.dcaclab.com", port: 443], | |
http: [:inet6, port: System.get_env("PORT") || 4000], | |
https: [ | |
:inet6, | |
port: System.get_env("SPORT") || 4001, | |
otp_app: :ngspice_proxy, | |
cipher_suite: :strong, | |
keyfile: System.get_env("SSL_KEY_FILE"), | |
certfile: System.get_env("SSL_CERT_FILE"), | |
cacertfile: System.get_env("SSL_CACERT_FILE"), | |
dhfile: System.get_env("SSL_DHPARAM_FILE") | |
], | |
cache_static_manifest: "priv/static/cache_manifest.json", | |
server: true, | |
code_reloader: false | |
#config :ngspice_proxy, NgspiceProxyWeb.Endpoint, | |
# http: [:inet6, port: System.get_env("PORT") || 4000], | |
# url: [host: "ngspice_proxy.dcaclab.com", port: 80], | |
# cache_static_manifest: "priv/static/cache_manifest.json", | |
# server: true, | |
# code_reloader: false | |
# Do not print debug messages in production | |
config :logger, level: :info | |
# ## SSL Support | |
# | |
# To get SSL working, you will need to add the `https` key | |
# to the previous section and set your `:url` port to 443: | |
# | |
# config :ngspice_proxy, NgspiceProxyWeb.Endpoint, | |
# ... | |
# url: [host: "example.com", port: 443], | |
# https: [ | |
# :inet6, | |
# port: 443, | |
# cipher_suite: :strong, | |
# keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"), | |
# certfile: System.get_env("SOME_APP_SSL_CERT_PATH") | |
# ] | |
# | |
# The `cipher_suite` is set to `:strong` to support only the | |
# latest and more secure SSL ciphers. This means old browsers | |
# and clients may not be supported. You can set it to | |
# `:compatible` for wider support. | |
# | |
# `:keyfile` and `:certfile` expect an absolute path to the key | |
# and cert in disk or a relative path inside priv, for example | |
# "priv/ssl/server.key". For all supported SSL configuration | |
# options, see https://hexdocs.pm/plug/Plug.SSL.html#configure/1 | |
# | |
# We also recommend setting `force_ssl` in your endpoint, ensuring | |
# no data is ever sent via http, always redirecting to https: | |
# | |
# config :ngspice_proxy, NgspiceProxyWeb.Endpoint, | |
# force_ssl: [hsts: true] | |
# | |
# Check `Plug.SSL` for all available options in `force_ssl`. | |
# ## Using releases (Elixir v1.9+) | |
# | |
# If you are doing OTP releases, you need to instruct Phoenix | |
# to start each relevant endpoint: | |
# | |
config :phoenix, :serve_endpoints, true | |
# | |
# Then you can assemble a release by calling `mix release`. | |
# See `mix help release` for more information. | |
# Finally import the config/prod.secret.exs which loads secrets | |
# and configuration from environment variables. | |
import_config "prod.secret.exs" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment