LogoLogo
v2.0.0
v2.0.0
  • 🌸What is Petal Pro?
  • πŸ’‘Changelog
  • ⏫Upgrade guide
  • Guides
    • πŸš€Creating a web app from start to finish
    • 🌎Deploy to Fly.io
    • πŸ’³Adding a subscription
    • πŸ”’Creating Your Own API
  • πŸ‘©β€πŸ³Recipes
    • πŸ’How to apply a recipe with git cherry pick
    • #️⃣UUIDs
    • ✍️First/Last name
    • πŸ—ΊοΈGoogle Maps
    • Password Hashing for Windows
  • Fundamentals
    • πŸ’ΏInstallation
    • πŸ“‚Folder structure
    • πŸ—ƒοΈIncluded Pages
    • πŸ˜€Users & Authentication
    • 🏒Organizations & Multitenancy
    • πŸ’³Stripe billing
    • πŸ””User Notifications
    • 🧊Components
    • ⬛Dark mode
    • 🎨Branding
    • 🌱Seeding
    • πŸ“„Layouts & Menus
    • πŸ–ΌοΈImage uploads
    • πŸ‘₯Impersonation
    • πŸ› οΈBackground Tasks and Jobs
    • πŸ”§Util & Helpers
    • πŸ“§Emails
    • πŸͺJavascript Hooks
    • πŸ“šExtra Hex Libraries
    • πŸ—οΈGenerators
    • πŸ—£οΈTranslations
    • πŸ–οΈContributing
    • πŸ›«Deployment
    • πŸ›‘οΈTesting
    • πŸ”’REST API
Powered by GitBook
On this page
  • Before deploy
  • Removing CSP
  • Faker dependency and the Landing Page
  • A word on environment variables
  • Deployment with Fly.io

Was this helpful?

  1. Fundamentals

Deployment

How to get your app running in production

PreviousContributingNextTesting

Last updated 6 months ago

Was this helpful?

Before deploy

Before deployment, we've found an issue in production with the new content security policy headers. Basically, you need to add wss://...and your domain to the :content_security_policy default_src array, like below.

config.exs
config :my_app, :content_security_policy, %{
  default_src: [
    ....
    "wss://yourdomain.com",
    "wss://yourdomain.com/live/websocket"
  ]
}

Read more:

Removing CSP

If you don't care about content security policies, you can remove this config and then in router.exs change:

# Change this:
plug(:put_secure_browser_headers, %{
  "content-security-policy" =>
    ContentSecurityPolicy.serialize(
      struct(ContentSecurityPolicy.Policy, PetalPro.config(:content_security_policy))
    )
})

# To this:
plug :put_secure_browser_headers

Faker dependency and the Landing Page

defp deps do
  [
    {:faker, "~> 0.17", only: [:test, :dev]},
  ]

And change it to this:

defp deps do
  [
    {:faker, "~> 0.17"},
  ]

A word on environment variables

In production, Petal Pro requires the following environment variables to be set:

  • SECRET_KEY_BASE

  • DATABASE_URL

  • PHX_HOST

  • PORT

If you're deploying to Fly.io, these environment variables should be automatically taken care of. However, if you're testing prod on your dev machine or using a different deployment mechanism - you'll need to make sure that these environment variables have been set.

Please bare in mind that SECRET_KEY_BASE and DATABASE_URL are secrets and need to be protected. Please follow best practices for managing secrets on the platform you are deploying to.

Deployment with Fly.io

To deploy to Fly.io, use the following guide:

If you haven't changed the landing page yet, there will be references to . If you don't remove references to Faker, you'll need to find this line in mix.exs:

πŸ›«
Petal Pro Github issue
Blog post about content security policy in Phoenix apps
Faker
🌎Deploy to Fly.io