enable auto-tls only when http_port is 80

plausible · Sep 10, 2024 · 530c0e8 · 530c0e8
1 parent 44b5557
commit 530c0e8
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 4 deletions.
diff --git a/lib/plausible/application.ex b/lib/plausible/application.ex
@@ -259,12 +259,23 @@ defmodule Plausible.Application do
   on_ce do
     defp maybe_https_endpoint do
       endpoint_config = Application.fetch_env!(:plausible, PlausibleWeb.Endpoint)
+
+      http_port = get_in(endpoint_config, [:http, :port])
       https_port = get_in(endpoint_config, [:https, :port])
-      https_enabled? = !!https_port
 
+      https_enabled? = !!https_port
       PlausibleWeb.Endpoint.enable_https(https_enabled?)
 
-      if https_enabled? do
+      auto_tls? = http_port == 80 and https_enabled?
+
+      if https_enabled? and not auto_tls? do
+        Logger.warning("""
+        HTTPS is enabled but the HTTP port is not 80.
+        This will prevent automatic TLS certificate issuance as ACME validates the domain on port 80.
+        """)
+      end
+
+      if auto_tls? do
         {SiteEncrypt.Phoenix.Endpoint, endpoint: PlausibleWeb.Endpoint}
       else
         PlausibleWeb.Endpoint

diff --git a/lib/plausible_web/endpoint.ex b/lib/plausible_web/endpoint.ex
@@ -137,9 +137,9 @@ defmodule PlausibleWeb.Endpoint do
     @https_key {:plausible, :https}
 
     @doc false
-    def enable_https(force?) when is_boolean(force?) do
+    def enable_https(enable?) when is_boolean(enable?) do
       # this function is called from application.ex during app start up
-      :persistent_term.put(@https_key, force?)
+      :persistent_term.put(@https_key, enable?)
     end
 
     defp https?, do: :persistent_term.get(@https_key)