Problem
Unlike in the documentation, I use HTTPS, and therefore nginx must also make HTTPS requests to the Yesod app, e.g. https://localhost:3000/. If not, the HTML returned by my app is full of HTTP links, which is against the Same-Origin-Policy.
After all, my problem is simple: How can I use HTTPS with my Yesod app?
I use warp-tls and so runSettings becomes
runTLS (tlsSettings "certificate.pem" "key.pem").
I generated the self-signed certificates as documented in the package README, with Common Name set to localhost.
At this point, when I want to test and run in GHCi:
:l app/DevelMain.hs
update
the process does not respond to HTTPS requests.
Sample output of curl:
$ curl -vk https://localhost:3000/
* Trying ::1:3000...
* connect to ::1 port 3000 failed: Connection refused
* Trying 127.0.0.1:3000...
* Connected to localhost (127.0.0.1) port 3000 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
Sorry for the long text, but I couldn't find out why it doesn't respond. The cert/key arguments should be correct; I also tried absolute paths.
Solution
Aaahh! Got it: I changed the runSettings in Application.hs but not DevelMain.hs. That's why it didn't work.
Anyway, if someone can tell me a better way to handle this nginx-reverse-proxy-HTTPS problem described at the beginning, I'm happy, too! Maybe it's better to use keter, although it's more packaging and configuration work then.