Problems setting up SSL locally with Phoenix/Elixir

Question

I've created a new Phoenix web application on OSX and I'm trying to get SSL working on localhost. To do that, I read and performed the steps of this article. So now I have a server.key, server.crt and server.csr files. The files are not binary and are in readable form. I placed those files in the priv folder as the Phoenix docs suggested.

My config file looks like this:

  config :{{name}}, {{name}}.Endpoint,
  http: [port: 4000],
  debug_errors: true,
  code_reloader: true,
  cache_static_lookup: false,
  check_origin: false,
  watchers: [node: ["node_modules/brunch/bin/brunch", "watch", "--stdin"]],
  https: [port: 4043,
          otp_app: :{{name}},
          keyfile: System.get_env("server.key"),
          certfile: System.get_env("server.crt"),
          # OPTIONAL Key for intermediate certificates
          # cacertfile: System.get_env("INTERMEDIATE_CERTFILE_PATH")
        ]

When I run mix phoenix.server I'm getting the following error:

** (Mix) Could not start application {{name}}: {{name}}.start(:normal, []) returned an error: shutdown: failed to start child: {{name}}.Endpoint
    ** (EXIT) shutdown: failed to start child: Phoenix.Endpoint.Server
        ** (EXIT) shutdown: failed to start child: {:ranch_listener_sup, {{name}}.Endpoint.HTTPS}
            ** (EXIT) shutdown: failed to start child: :ranch_acceptors_sup
                ** (EXIT) an exception was raised:
                    ** (MatchError) no match of right hand side value: {:error, {:options, {:certfile, nil}}}
                        (ranch) src/ranch_acceptors_sup.erl:30: :ranch_acceptors_sup.init/1
                        (stdlib) supervisor.erl:243: :supervisor.init/1
                        (stdlib) gen_server.erl:306: :gen_server.init_it/6
                        (stdlib) proc_lib.erl:237: :proc_lib.init_p_do_apply/3

What am I doing wrong? I'm a Phoenix newbie and the project I'm working on requires SSL on localhost to prevent cross-domain issues.

Answer 1

It seems phoenix is not able to find your certificates. To overcome this problem, you can either provide an absolute path or can take advantage of otp_app to use a relative path where phoenix can search for the certificates. If you provide otp_app, phoenix will look in your application root for certificates.

If you want to provide an absolute path you can do something like that:

    keyfile: Path.expand("../../../some/path/to/ssl/cer.key", __DIR__),
    certfile: Path.expand("../../../some/path/to/ssl/cer.crt", __DIR__)

If you want to take advantage of otp_app, create two env variable say KEY_HOME and CERT_HOME. Go to console and fire these two commands. You should add them to your bashrc file later.

export KEY_HOME=priv/ssl/server.key
export CERT_HOME=priv/ssl/server.crt

you must include priv directory here

Now your config looks like this

  https: [port: 443,
  otp_app: :hello_phoenix,
  keyfile: System.get_env("KEY_HOME"),
  certfile: System.get_env("CERT_HOME") 
  ]

Don't forget to copy your files in priv/ssl.