Add SSL termination to the explorer (yetanotherco#1586)

Co-authored-by: Julian Arce <[email protected]>
ilitteri · Dec 16, 2024 · 5bec7ca · 5bec7ca
1 parent 676e6e8
commit 5bec7ca
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/explorer/config/runtime.exs b/explorer/config/runtime.exs
@@ -35,11 +35,22 @@ if config_env() == :prod do
 
   host = System.get_env("PHX_HOST") || "http://localhost:4000"
   port = String.to_integer(System.get_env("PORT") || "4000")
+  port_ssl = String.to_integer(System.get_env("PORT_SSL") || "443")
 
   config :explorer, :dns_cluster_query, System.get_env("DNS_CLUSTER_QUERY")
 
   config :explorer, ExplorerWeb.Endpoint,
-    url: [host: host, port: 443, scheme: "https"],
+    url: [
+      scheme: "https",
+      port: port_ssl,
+      host: host
+    ],
+    https: [
+      port: port_ssl,
+      cipher_suite: :strong,
+      keyfile: System.get_env("KEYFILE_PATH"),
+      certfile: System.get_env("CERTFILE_PATH"),
+    ],
     http: [
       # Enable IPv6 and bind on all interfaces.
       # Set it to  {0, 0, 0, 0, 0, 0, 0, 1} for local network only access.

diff --git a/explorer/lib/explorer_web/router.ex b/explorer/lib/explorer_web/router.ex
@@ -7,7 +7,7 @@ defmodule ExplorerWeb.Router do
 
   @content_security_policy (case Mix.env() do
                               :prod ->
-                                "default-src 'self';connect-src wss://#{@host};img-src 'self' blob:;"
+                                "default-src 'self' 'unsafe-inline';connect-src wss://#{@host};img-src https://w3.org http://raw.githubusercontent.com https://*.github.io blob: data:;"
 
                               _ ->
                                 "default-src 'self' 'unsafe-eval' 'unsafe-inline';" <>