Let a proxy handle ssl

GeyserMC · Jul 11, 2024 · 10fd98a · 10fd98a
1 parent 4ac8c3a
commit 10fd98a
Showing 1 changed file with 4 additions and 14 deletions.
diff --git a/config/prod.exs b/config/prod.exs
@@ -22,29 +22,19 @@ config :global_api, :domain_info,
     subdomain: "skin"
   }
 
-# The `cipher_suite` is set to `:strong` to support only the
-# latest and more secure SSL ciphers
-# `log_level` is set to `:error` to ignore SSL errors received from e.g. old client
-
 config :global_api, GlobalApiWeb.Endpoint,
-  http: [port: 80],
-  https: [
+  http: [
     dispatch: [
       {:_, [
         {"/ws", GlobalApiWeb.WebSocket, []},
         {:_, Phoenix.Endpoint.Cowboy2Handler, {GlobalApiWeb.Endpoint, []}}
       ]}
     ],
     ip: {0, 0, 0, 0, 0, 0, 0, 0},
-    port: String.to_integer(System.get_env("PORT") || "443"),
-    otp_app: :global_api,
-    keyfile: "path/to/privkey.pem",
-    cacertfile: "path/to/fullchain.pem",
-    certfile: "path/to/cert.pem",
-    cipher_suite: :strong,
-    log_level: :error
+    port: String.to_integer(System.get_env("PORT") || "80"),
+    otp_app: :global_api
   ],
-  force_ssl: [hsts: true, host: nil, log: false],
+  force_ssl: [rewrite_on: [:x_forwarded_proto, :x_forwarded_host, :x_forwarded_for], host: nil, log: false],
   check_origin: [protocol <> "://*." <> domain],
   url: [host: "api." <> domain],
   static_url: [host: "cdn." <> domain],