Phoenix/Elixir App Secured with Let’s Encrypt

Originally posted on January 7, 2016. The article was updated May 31, 2017 based on the many wonderful updates to Let’s Encrypt and Elixir/Phoenix.

In this article we are going to set up a Phoenix web application (running Elixir) with SSL configured using Let’s Encrypt (i.e. all traffic running through SSL / HTTPS) and certbot.

Let’s Encrypt continues to be promising, and a year since I first wrote this article it looks like a lot has changed. First, there’s much better support for Nginx (so my other article is now very out of date).

Before we get started, you will need a few things installed first. I have provided links to installation scripts for Ubuntu 16.04 if you don’t already have an environment up and running.

Older versions might still work, so don’t go upgrading just yet; try things out and let me know if you run into problems.

Let’s create a new app and configure it for port 80

Change the port from 4000 to 80. Please note this isn’t an article about a production deploy of your application (refer here for that). Let’s start up your server

You should now see your site live (on port 80)

Next, we will need to tweak our routes to enable webroot authorization for Let’s Encrypt. Let’s edit our endpoint.ex

We need to allow anything from .well-known to route through Plug.Static for Let’s Encrypt authentication.

Restart your server!

Note that I updated the instructions to work with prod, as there were some issues with renewals (as noted on StackOverflow). The major change is that assets (aka images, JSON, .well-known files) will be drawn from the _build directory. Let’s test our change:

Open your browser to that page, and you should see the text below.

If you see an error like the following then something went awry (maybe you didn’t restart your server, or didn’t edit the correct file).

Now that we have our application ready, let’s install Let’s Encrypt certbot.

If you are running Ubuntu 16.04, the script probably still looks like the following:

Let’s write our configs to a file (so that we don’t need to remember all the options).

Here is a template for what to put in there. Here is the documentation about all available settings.

Don’t forget to update your domain, email and source path. Once configured we can generate our certificates

If everything worked you should see something like

Let’s add the https information to your config (e.g. config/prod.exs)

Restart your server and TADA, you are running HTTPS (note that the screenshot is from a test domain, you will want to try your domain).

Last piece of the puzzle is to configure your application to always use HTTPS. To do this, you will need to configure force_ssl, and ensure that your url’s host is configured properly. Below is one of the many ways based on Plug.SSL configurations.
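
As an added example (not the snippet from the original article), the https and force_ssl settings from the last two steps could sit together in config/prod.exs like this. The app name `:my_app`, the module `MyApp.Endpoint`, the domain `example.com` and the certificate directory are assumptions; replace them with your own values.

```elixir
# config/prod.exs
# Added example: :my_app, MyApp.Endpoint and example.com are placeholders.
use Mix.Config   # newer Phoenix projects use `import Config` instead

# Assumption: certbot wrote the certificate under its default live directory.
cert_dir = "/etc/letsencrypt/live/example.com"

config :my_app, MyApp.Endpoint,
  # Port 80 stays open so that plain-HTTP requests (including the
  # Let's Encrypt challenge requests on renewal, which follow redirects)
  # are redirected to HTTPS instead of being refused.
  http: [port: 80],
  https: [
    port: 443,
    otp_app: :my_app,
    # The user running the BEAM must be able to read the private key;
    # keep it unreadable for everyone else.
    keyfile: Path.join(cert_dir, "privkey.pem"),
    certfile: Path.join(cert_dir, "cert.pem"),
    # Intermediate chain, so clients can build a path to a trusted root.
    cacertfile: Path.join(cert_dir, "chain.pem")
  ],
  # force_ssl redirects to this host, so it must be a name the
  # certificate actually covers.
  url: [host: "example.com", port: 443],
  # force_ssl is read at compile time: recompile after changing it.
  force_ssl: [
    # Sends Strict-Transport-Security on HTTPS responses.
    hsts: true,
    # Max-age in seconds. One day here while testing; browsers that have
    # seen the header refuse plain HTTP for this long, so raise it only
    # once HTTPS and renewals are known to work.
    expires: 86_400,
    # Leave false unless every subdomain also serves valid HTTPS.
    subdomains: false
  ]
```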

Now your site is being served up only through SSL directly through Phoenix (no Nginx required).

Happy HTTPS.

Back to PHP and #elixir; flirting with #Elm. TDD infected since jUnit 2.1, former cheesemaker, and working at #crossfit
