97 lines
3.4 KiB
Elixir
97 lines
3.4 KiB
Elixir
import Config
|
|
|
|
# config/runtime.exs is executed for all environments, including
|
|
# during releases. It is executed after compilation and before the
|
|
# system starts, so it is typically used to load production configuration
|
|
# and secrets from environment variables or elsewhere. Do not define
|
|
# any compile-time configuration in here, as it won't be applied.
|
|
# The block below contains prod specific runtime configuration.
|
|
|
|
# ## Using releases
|
|
#
|
|
# If you use `mix release`, you need to explicitly enable the server
|
|
# by passing the PHX_SERVER=true when you start it:
|
|
#
|
|
# PHX_SERVER=true bin/sso_bsn start
|
|
#
|
|
# Alternatively, you can use `mix phx.gen.release` to generate a `bin/server`
|
|
# script that automatically sets the env var above.
|
|
if System.get_env("SERVER") do
|
|
config :sso_bsn, SsoBsnWeb.Endpoint, server: true
|
|
end
|
|
|
|
if config_env() == :prod do
|
|
database_path =
|
|
System.get_env("DATABASE_PATH") ||
|
|
raise """
|
|
environment variable DATABASE_PATH is missing.
|
|
For example: /etc/sso_bsn/sso_bsn.db
|
|
"""
|
|
|
|
config :sso_bsn, SsoBsn.Repo,
|
|
database: database_path,
|
|
pool_size: String.to_integer(System.get_env("POOL_SIZE") || "5")
|
|
|
|
# The secret key base is used to sign/encrypt cookies and other secrets.
|
|
# A default value is used in config/dev.exs and config/test.exs but you
|
|
# want to use a different value for prod and you most likely don't want
|
|
# to check this value into version control, so we use an environment
|
|
# variable instead.
|
|
secret_key_base =
|
|
System.get_env("SECRET_KEY_BASE") ||
|
|
raise """
|
|
environment variable SECRET_KEY_BASE is missing.
|
|
You can generate one by calling: mix phx.gen.secret
|
|
"""
|
|
|
|
host = System.get_env("SSO_BSN_HOST") || raise "SSO_BSN_HOST must be set to the external host of the service"
|
|
|
|
config :wax_, origin: "https://#{host}/"
|
|
config :boruta, Boruta.Oauth, issuer: "https://#{host}/"
|
|
|
|
config :sso_bsn, :dns_cluster_query, System.get_env("DNS_CLUSTER_QUERY")
|
|
|
|
config :sso_bsn, :session_domain, System.get_env("SESSION_DOMAIN") # A nil value will allow browser default of no subdomains, current domain
|
|
|
|
config :sso_bsn, SsoBsnWeb.Endpoint,
|
|
url: [host: host, port: 443, scheme: "https"],
|
|
http: [
|
|
ip: {:local, System.get_env("BIND_UNIX")},
|
|
port: 0
|
|
],
|
|
secret_key_base: secret_key_base
|
|
|
|
# ## SSL Support
|
|
#
|
|
# To get SSL working, you will need to add the `https` key
|
|
# to your endpoint configuration:
|
|
#
|
|
# config :sso_bsn, SsoBsnWeb.Endpoint,
|
|
# https: [
|
|
# ...,
|
|
# port: 443,
|
|
# cipher_suite: :strong,
|
|
# keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"),
|
|
# certfile: System.get_env("SOME_APP_SSL_CERT_PATH")
|
|
# ]
|
|
#
|
|
# The `cipher_suite` is set to `:strong` to support only the
|
|
# latest and more secure SSL ciphers. This means old browsers
|
|
# and clients may not be supported. You can set it to
|
|
# `:compatible` for wider support.
|
|
#
|
|
# `:keyfile` and `:certfile` expect an absolute path to the key
|
|
# and cert in disk or a relative path inside priv, for example
|
|
# "priv/ssl/server.key". For all supported SSL configuration
|
|
# options, see https://hexdocs.pm/plug/Plug.SSL.html#configure/1
|
|
#
|
|
# We also recommend setting `force_ssl` in your endpoint, ensuring
|
|
# no data is ever sent via http, always redirecting to https:
|
|
#
|
|
# config :sso_bsn, SsoBsnWeb.Endpoint,
|
|
# force_ssl: [hsts: true]
|
|
#
|
|
# Check `Plug.SSL` for all available options in `force_ssl`.
|
|
|
|
end
|