Closed cgrothaus closed 7 months ago
Thank you! The way to achieve this is by plugging it conditionally, as outlined here: https://github.com/elixir-plug/plug/blob/b05cd27012511426d1c75834fe66566539ee89cd/lib/plug/builder.ex#L53. Inside Phoenix, you can set force_ssl
to false and then plug conditionally at the top of your endpoint.
Ah, I see 💡 ! Thank you!
Now that I understand that force_ssl
just places Plug.SSL
at the top of my endpoint, it is even easier. As my healthcheck is itself a plug, it is sufficient to plug Plug.SSL
below it 💡 . No need to plug conditionally.
Add Path-Based Exclusion to Plug.SSL
This PR introduces a new feature in the
Plug.SSL
module. It allows specifying paths that should be excluded from HTTPS redirection. The feature adds an:exclude_paths
option. This option works similarly to the existing:exclude
option for hosts.Background
We face a specific scenario involving a health check endpoint. A load balancer uses this endpoint to assess server health. The load balancer requests this endpoint over HTTP. It cannot be configured to add the
x-forwarded-proto
header. Additionally, we cannot identify the load balancer's hostname or IP. Moreover, the load balancer cannot follow an HTTPS redirect.Similar features exist in other frameworks. For example, Rails has the
force_ssl
method (ActionDispatch::SSL). It allows excluding specific paths from HTTPS redirection. Thedjango-sslify
package for Django also offers this functionality (django-sslify).