fix force_ssl for pings
5bc80b5 · gmorell · 2026-06-10 21:27
Files changed
modified
config/prod.exs
+11
−11
@@ -7,17 +7,17 @@ import Config
| 7 | 7 | # before starting your production server. |
| 8 | 8 | config :git_gud, GitGudWeb.Endpoint, cache_static_manifest: "priv/static/cache_manifest.json" |
| 9 | 9 | |
| 10 | −# Force using SSL in production. This also sets the "strict-security-transport" header, | |
| 11 | −# known as HSTS. If you have a health check endpoint, you may want to exclude it below. | |
| 12 | −# Note `:force_ssl` is required to be set at compile-time. | |
| 13 | −config :git_gud, GitGudWeb.Endpoint, | |
| 14 | − force_ssl: [ | |
| 15 | − rewrite_on: [:x_forwarded_proto], | |
| 16 | − exclude: [ | |
| 17 | − # paths: ["/health"], | |
| 18 | − hosts: ["localhost", "127.0.0.1"] | |
| 19 | − ] | |
| 20 | − ] | |
| 10 | +# TLS termination + the http → https redirect happen at the Traefik | |
| 11 | +# ingress, so Phoenix doesn't run `force_ssl` itself. Leaving it on | |
| 12 | +# behind a proxy that doesn't reliably forward `X-Forwarded-Proto` | |
| 13 | +# breaks the LiveView WebSocket: Plug.SSL sees the upgrade as plain | |
| 14 | +# HTTP, returns a 301, and the browser drops the connection. | |
| 15 | +# | |
| 16 | +# If you ever serve directly without a TLS-terminating proxy, re-enable | |
| 17 | +# this block: | |
| 18 | +# | |
| 19 | +# config :git_gud, GitGudWeb.Endpoint, | |
| 20 | +# force_ssl: [rewrite_on: [:x_forwarded_proto]] | |
| 21 | 21 | |
| 22 | 22 | # Configure Swoosh API Client |
| 23 | 23 | config :swoosh, api_client: Swoosh.ApiClient.Req |
Parents: c2956cc