问题
I have a site built with Elixir Phoenix frame work. The website runs fine in both dev and prod mode.
When the phoenix server is running in dev mode, I have no issue renewingLet's Encrypt certificate, but when the exact same app is running in prod mode, I keep getting permission error when trying to renew. Please noted that I am talking about the exact same app, on the same FreeBSD server, executed by the same user - both command without sudo. The only difference is MIX_ENV=prod
I also noted that in prod mode, the phoenix server log an 404 error when Letsencrypt is trying to access my priv/static/.well-known/acme-challenge/(some-unique-string) My basic set up for phoenix + letsencrypt is detailed in this blog post
The question is: how is phoenix server treating directory/file permission differently between `prod' and 'dev' mode?
- Using Elixir 1.2.4 and Phoenix 1.1.4
UPDATE:
Folks, since LetsEncrypt and Phoenix framework evolve rapidly, the issue I listed above is no longer an issue if you are using the latest cerbot from LetsEncrypt and Phoenix 1.2.0
This is not necessary an answer to the original questions though.
回答1:
I've solved it, by using a route, instead of file:
scope "/.well-known", MyApp do
get "/acme-challenge/:challenge", AcmeChallengeController, :show
end
And a simple controller..
defmodule AcmeChallengeController do
use MyApp, :controller
def show(conn, %{"challenge" => "the_random_file_name"}) do
send_resp(conn, 200, "TheHashInTheFile")
end
def show(conn, _) do
send_resp(conn, 200, "Not valid")
end
end
This is hardcoded, compiled and faster then sending files, but, it would be also possible to use some kind of key/value store, and manage (add/delete) the the challenges from within the UI without re-deployment.
来源:https://stackoverflow.com/questions/37216626/elixir-phoenix-production-server-has-issue-with-letsencrypt-renewal