Elixir Phoenix production server has issue with Letsencrypt renewal


Problem description

I have a site built with the Elixir Phoenix framework. The website runs fine in both dev and prod mode.

When the phoenix server is running in dev mode, I have no issue renewing the Let's Encrypt certificate, but when the exact same app is running in prod mode, I keep getting a permission error when trying to renew. Please note that I am talking about the exact same app, on the same FreeBSD server, executed by the same user - both commands without sudo. The only difference is MIX_ENV=prod

I also noted that in prod mode, the phoenix server logs a 404 error when Letsencrypt is trying to access my priv/static/.well-known/acme-challenge/(some-unique-string)

My basic setup for phoenix + letsencrypt is detailed in this blog post

The question is: how does the phoenix server treat directory/file permissions between 'prod' mode and 'dev' mode?

  • Using Elixir 1.2.4 and Phoenix 1.1.4

Update:

Folks, since LetsEncrypt and Phoenix framework evolve rapidly, the issue I listed above is no longer an issue if you are using the latest certbot from LetsEncrypt and Phoenix 1.2.0

This is not necessarily an answer to the original question though.

Recommended answer

I've solved it by using a route instead of a file:

scope "/.well-known", MyApp do
   get "/acme-challenge/:challenge", AcmeChallengeController, :show
end

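And a simple controller..

# The scope above aliases MyApp, so the router looks for MyApp.AcmeChallengeController.
defmodule MyApp.AcmeChallengeController do
   # MyApp.Web is where Phoenix 1.1/1.2 projects define the :controller macro.
   use MyApp.Web, :controller

   # Matches only the one challenge token that was compiled in.
   def show(conn, %{"challenge" => "the_random_file_name"}) do
      send_resp(conn, 200, "TheHashInTheFile")
   end

   # Any other token falls through to this clause.
   def show(conn, _) do
      send_resp(conn, 200, "Not valid")
   end
end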

This is hardcoded, compiled and faster than sending files, but it would also be possible to use some kind of key/value store, and manage (add/delete) the challenges from within the UI without re-deployment.
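
The key/value store idea mentioned above, as an added example that is not part of the original answer: an in-memory Agent maps each challenge token to its key authorization, and malformed or unknown tokens get a 404. `MyApp.AcmeChallengeStore` is a hypothetical module name, `use MyApp.Web, :controller` assumes the Phoenix 1.1/1.2 project layout, and the stored challenges are lost on restart.

```elixir
# Added example. MyApp.AcmeChallengeStore is a hypothetical name, not project code.
defmodule MyApp.AcmeChallengeStore do
  # Start this from the application's supervision tree so it is up before
  # the endpoint accepts requests.
  def start_link(_opts \\ []) do
    Agent.start_link(fn -> %{} end, name: __MODULE__)
  end

  # HTTP-01 tokens contain only base64url characters (RFC 8555, section 8.3).
  # Rejecting anything else keeps path-like or oversized junk out of the store.
  def valid_token?(token) do
    is_binary(token) and byte_size(token) <= 256 and
      Regex.match?(~r/\A[A-Za-z0-9_-]+\z/, token)
  end

  # key_authorization is the exact body the CA expects back for this token.
  def put(token, key_authorization) when is_binary(key_authorization) do
    if valid_token?(token) do
      Agent.update(__MODULE__, &Map.put(&1, token, key_authorization))
    else
      {:error, :invalid_token}
    end
  end

  # Remove a challenge once validation has finished.
  def delete(token), do: Agent.update(__MODULE__, &Map.delete(&1, token))

  # Returns {:ok, key_authorization} or :error.
  def fetch(token) do
    if valid_token?(token), do: Agent.get(__MODULE__, &Map.fetch(&1, token)), else: :error
  end
end

defmodule MyApp.AcmeChallengeController do
  use MyApp.Web, :controller

  def show(conn, %{"challenge" => token}) do
    case MyApp.AcmeChallengeStore.fetch(token) do
      {:ok, key_authorization} ->
        conn
        |> put_resp_content_type("text/plain")
        |> send_resp(200, key_authorization)

      :error ->
        send_resp(conn, 404, "Not found")
    end
  end
end
```

Anything that can call `put/2` can get a certificate issued for the host, so a UI in front of the store needs the same authentication as any other admin function.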
