HTTP/2 support is already available in Phoenix thanks to Cowboy2. Depending on how your load balancing was set up, you may
now be in a situation where you need to terminate TLS directly on Cowboy.
When I looked into it there didn’t seem to be a lot of information around it so I decided to assemble the config
and details that I used here.
There are two things that I wanted to do when I set this up:
One challenge that we have is the DH params group file. I’d prefer to generate this on the server but it
takes too long to be practical. I have excluded it for the time being as it makes no sense to generate it
but then store it in a git repo.
However, your deployment process may be different, so if you can take advantage of it, generate it as follows:
Beyond that, we are encrypting our keyfile and then only providing the password to the production ENV.
The resulting config looks as follows:
In my case, we use distillery and read much of our configuration from the ENV. And we are not generating the DHPARAMS,
so our file looks more like this:
Note that we are setting file paths dynamically, which allows us to switch between certificate sets between staging
and production ENVs.
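One way to assemble the `https:` options described above at runtime, as an added example that is not the author's own config. The module name, the environment variable names (`TLS_CERT_DIR`, `TLS_KEY_PASSWORD`, `TLS_DHFILE`, `HTTPS_PORT`) and the `cert.pem`/`key.pem` file names are assumptions.

```elixir
defmodule MyApp.TLSConfig do
  @moduledoc """
  Added example: builds the keyword list for a Phoenix endpoint's `https:`
  option from the ENV, e.g. `https: MyApp.TLSConfig.https_opts()`.
  All names here are hypothetical.
  """

  def https_opts(env \\ System.get_env()) do
    # The directory comes from the ENV, so staging and production can point
    # at different certificate sets without a code change.
    dir = fetch!(env, "TLS_CERT_DIR")

    opts = [
      port: String.to_integer(Map.get(env, "HTTPS_PORT", "443")),
      cipher_suite: :strong,
      certfile: existing!(Path.join(dir, "cert.pem")),
      keyfile: existing!(Path.join(dir, "key.pem")),
      # The keyfile is encrypted; Erlang's :ssl takes the passphrase as a
      # charlist. It is read from the ENV and never written to the repo.
      password: env |> fetch!("TLS_KEY_PASSWORD") |> String.to_charlist()
    ]

    # The DH params file is optional: add it only when the deployment
    # process has generated one and exported its path.
    case Map.get(env, "TLS_DHFILE") do
      nil -> opts
      path -> opts ++ [dhfile: existing!(path)]
    end
  end

  # Fail at boot with a clear message instead of starting without TLS material.
  defp fetch!(env, name) do
    case Map.get(env, name) do
      value when is_binary(value) and value != "" -> value
      _ -> raise ArgumentError, "environment variable #{name} is not set"
    end
  end

  defp existing!(path) do
    if File.regular?(path), do: path, else: raise(ArgumentError, "TLS file not found: #{path}")
  end
end
```

Because the error messages name only the variable or the file path, the passphrase itself never ends up in boot logs.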
Mark Madsen