Phoenix Application Fails to Render HTTPS Page in Debug Mode

[mc962]

Describe the bug Accessing a url under HTTPS in a Phoenix application fails to load the page in Debug mode. It works fine in the regular Run mode, and when running the server from the terminal, but for whatever reason, accessing with HTTP seems to fail. This is using a self-signed certificate, as recommended by the docs.

To Reproduce Steps to reproduce the behavior:

1. Generate a new application
2. Create a new self-signed certificate with mix phx.gen.cert, and enable it in the dev config (example code can just be commented in).
3. Create a new Debug configuration in your IDE (I use Intellij Community Edition). Use arguments as follows: mix arguments: phx.server, working directory: path/to/phoenix/app/root.
4. Observe a Connection Reset error in Chrome and a similar PR_CONNECT_RESET_ERROR in Firefox.

Expected behavior It is expected that the page will load and render the information from the server, as it does load in a normal Run configuration.

Desktop:

• OS: Fedora
• Version: 30

Erlang:

• Installer: asdf
• Version 22.1

Elixir:

• Installer: asdf
• Version: 1.9.1

Plugin:

• Version: 11.2.0

Additional Information I am not as familiar with what might cause this particular issue aside from there being some issue with the certificate potentially. However, one thought I had, was that the certificate was not being "seen" by the debugger for some reason, even though normally the configuration works with the relevant files just fine. It seems unlikely, it was just a thought I had.

[mc962]

As additional information, this is the output I get for curl:

curl https://localhost:4001/api
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:4001 

More verbose output:

curl -v https://localhost:4001/api
*   Trying ::1:4001...
* TCP_NODELAY set
* connect to ::1 port 4001 failed: Connection refused
*   Trying 127.0.0.1:4001...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 4001 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:4001 
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:4001 

I feel like I'm missing some basic configuration somewhere, but nothing jumps out at me at the moment.

[samm81]

A little unrelated, but while debugging an issue with my server and SSL I stumbled into a similar issue. It turned out that I was using the wrong type of certfile - I was using the fullchain.pem generated by certbot rather than cert.pem. This caused my server to silently reject all HTTPS traffic with no errors, and gave a curl output almost identical to that of above.

[mc962]

It's been a while, but I think I was just using the self-signed cert + config that was generated + suggested by Phoenix.

[anschwa]

I'm experiencing the same issue.

config :example, ExampleWeb.Endpoint,
  http: [port: 4000],
  https: [
    port: 4001,
    cipher_suite: :strong,
    keyfile: "priv/cert/selfsigned_key.pem",
    certfile: "priv/cert/selfsigned.pem",
  ],
  debug_errors: true,
  code_reloader: true,
  check_origin: false,
...

$ system_profiler SPSoftwareDataType | sed -n '/System Version/p'
System Version: macOS 10.15.7 (19H15)

$ elixir -v
Erlang/OTP 23 [erts-11.1.7] [source] [64-bit] [smp:24:24] [ds:24:24:10] [async-threads:1] [hipe] [dtrace]

Elixir 1.11.3 (compiled with Erlang/OTP 23)

$ curl -v localhost:4001
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 4001 (#0)
> GET / HTTP/1.1
> Host: localhost:4001
> User-Agent: curl/7.64.1
> Accept: */*
> 
* Empty reply from server
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server
* Closing connection 0

$ mix phx.server
[info] Running ExampleWeb.Endpoint with cowboy 2.8.0 at 0.0.0.0:4000 (http)
[info] Running ExampleWeb with cowboy 2.8.0 at 0.0.0.0:4001 (https)
[info] Access ExampleWeb.Endpoint at https://localhost:4001

webpack is watching the files…

[hardsource:cf64a6a4] Using 9 MB of disk space.
[hardsource:cf64a6a4] Tracking node dependencies with: package-lock.json.
[hardsource:cf64a6a4] Reading from cache cf64a6a4...
Hash: e5ae1c249b0b6e02b05e
Version: webpack 4.41.5
Time: 236ms
Built at: 01/31/2021 2:59:04 PM
                Asset       Size  Chunks             Chunk Names
       ../css/app.css   3.88 MiB     app  [emitted]  app
       ../favicon.ico   1.23 KiB          [emitted]  
../images/phoenix.png   13.6 KiB          [emitted]  
        ../robots.txt  202 bytes          [emitted]  
               app.js   13.5 KiB     app  [emitted]  app
Entrypoint app = ../css/app.css app.js
[0] multi ./js/app.js 28 bytes {app} [built]
    + 4 hidden modules
[info] TLS :server: In state :hello at tls_record.erl:539 generated SERVER ALERT: Fatal - Unexpected Message
 - {:unsupported_record_type, 71}
[info] TLS :server: In state :hello at tls_record.erl:539 generated SERVER ALERT: Fatal - Unexpected Message
 - {:unsupported_record_type, 71}
[info] TLS :server: In state :hello at tls_record.erl:539 generated SERVER ALERT: Fatal - Unexpected Message
 - {:unsupported_record_type, 71}
[info] TLS :server: In state :hello at tls_record.erl:539 generated SERVER ALERT: Fatal - Unexpected Message
 - {:unsupported_record_type, 71}
[info] TLS :server: In state :hello at tls_record.erl:539 generated SERVER ALERT: Fatal - Unexpected Message
 - {:unsupported_record_type, 71}