Elixir Phoenix production server has issue with Letsencrypt renewal
I have a site built with the Elixir Phoenix framework. The website runs fine in both dev and prod mode.
When the Phoenix server is running in dev mode, I have no issue renewing my Let's Encrypt certificate, but when the exact same app is running in prod mode, I keep getting a permission error when trying to renew. Please note that I am talking about the exact same app, on the same FreeBSD server, executed by the same user, both commands without sudo. The only difference is MIX_ENV=prod.
I also noted that in prod mode, the Phoenix server logs a 404 error when Letsencrypt is trying to access my priv/static/.well-known/acme-challenge/(some-unique-string)

My basic set up for Phoenix + Letsencrypt is detailed in this blog post.
The question is: how is the Phoenix server treating directory/file permissions differently between 'prod' and 'dev' mode?
UPDATE:

Folks, since Let's Encrypt and the Phoenix framework evolve rapidly, the issue I listed above is no longer an issue if you are using the latest certbot from Let's Encrypt and Phoenix 1.2.0. This is not necessarily an answer to the original question though.
I've solved it by using a route instead of a file:

scope "/.well-known", MyApp do
  # the scope alias makes this resolve to MyApp.AcmeChallengeController
  get "/acme-challenge/:challenge", AcmeChallengeController, :show
end
And a simple controller..

defmodule MyApp.AcmeChallengeController do
  # Phoenix 1.2 convention (web/web.ex); in Phoenix 1.3+ this is `use MyAppWeb, :controller`
  use MyApp.Web, :controller

  # Only the one token that was issued is answered; the body is the key
  # authorization string (token.thumbprint) the ACME client printed.
  def show(conn, %{"challenge" => "the_random_file_name"}) do
    send_resp(conn, 200, "TheHashInTheFile")
  end

  # Anything else is not a challenge we issued, so answer 404 rather than a 200 body
  def show(conn, _) do
    send_resp(conn, 404, "Not valid")
  end
end
This is hardcoded, compiled and faster than sending files, but it would also be possible to use some kind of key/value store, and manage (add/delete) the challenges from within the UI without re-deployment.
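The key/value variant the answer sketches, as an added example that is not code from the answer or from Phoenix itself: an Agent holds token -> key-authorization pairs, so a challenge can be registered from a remote console right before a renewal and removed afterwards, with no recompile. The module names MyApp.AcmeChallenges and MyApp.Web, the Phoenix 1.2 project layout, and the supervision-tree snippet in the moduledoc are assumptions.

```elixir
# Added example (not the answer's code). Assumes a Phoenix 1.2 app named MyApp
# whose router has the same "/.well-known" scope as in the answer above.
defmodule MyApp.AcmeChallenges do
  @moduledoc """
  In-memory token -> key-authorization store for ACME HTTP-01 challenges.
  Start it from the application's supervision tree (lib/my_app.ex, assumed):

      worker(MyApp.AcmeChallenges, [])
  """

  # HTTP-01 tokens are unpadded base64url. Refusing anything else keeps the
  # public route from being used to probe the store with arbitrary strings.
  @token_re ~r/\A[A-Za-z0-9_-]+\z/

  def start_link do
    Agent.start_link(fn -> %{} end, name: __MODULE__)
  end

  @doc "Register a challenge. `key_auth` is the `token.thumbprint` string the ACME client printed."
  def put(token, key_auth) when is_binary(token) and is_binary(key_auth) do
    if Regex.match?(@token_re, token) do
      Agent.update(__MODULE__, &Map.put(&1, token, key_auth))
      :ok
    else
      {:error, :invalid_token}
    end
  end

  @doc "Forget a challenge once the CA has validated it."
  def delete(token) when is_binary(token) do
    Agent.update(__MODULE__, &Map.delete(&1, token))
  end

  @doc "Look a token up; returns {:ok, key_auth} or :error."
  def fetch(token) when is_binary(token) do
    if Regex.match?(@token_re, token) do
      Agent.get(__MODULE__, &Map.fetch(&1, token))
    else
      :error
    end
  end
end

defmodule MyApp.AcmeChallengeController do
  # Phoenix 1.2 convention; in Phoenix 1.3+ this is `use MyAppWeb, :controller`
  use MyApp.Web, :controller

  # The route param is the token the CA requests; only registered tokens get
  # a body, everything else is a plain 404 so unknown paths stay unknown.
  def show(conn, %{"challenge" => token}) do
    case MyApp.AcmeChallenges.fetch(token) do
      {:ok, key_auth} ->
        conn
        |> put_resp_content_type("text/plain")
        |> send_resp(200, key_auth)

      :error ->
        send_resp(conn, 404, "Not found")
    end
  end
end
```

Usage from a remote console attached to the running prod node (the call shape is real Elixir, the values are placeholders): `MyApp.AcmeChallenges.put("<token>", "<token>.<thumbprint>")` before running the ACME client in manual mode, then `MyApp.AcmeChallenges.delete("<token>")` once the certificate is issued. Because the store lives in the VM, a restart empties it, which is the desired behaviour for challenge data that is only valid for one validation.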