Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Tymeslot/tymeslot/llms.txt

Use this file to discover all available pages before exploring further.

Tymeslot’s Phoenix server listens on port 4000 by default and does not handle TLS on its own. For any production deployment you need a reverse proxy in front of it to terminate HTTPS, obtain and renew TLS certificates, and forward requests to Tymeslot on port 4000. This is the standard pattern for Elixir/Phoenix applications in production.

Environment variables to set when using a proxy

Before configuring your proxy, update two variables in your .env so Tymeslot generates correct absolute URLs in emails, OAuth callbacks, and calendar webhook registrations:
# Tell Tymeslot your public domain
PHX_HOST=tymeslot.yourdomain.com

# Tell Tymeslot that links should use https://
URL_SCHEME=https

# Restrict the Phoenix listener to localhost — the proxy is the only
# caller, so there is no reason to expose port 4000 publicly
LISTEN_IP=127.0.0.1
Setting LISTEN_IP=127.0.0.1 prevents port 4000 from being reachable directly from the internet once a proxy is in place. Without this, anyone who knows your server’s IP address can bypass the proxy entirely.

Proxy configurations

The following Nginx server block terminates TLS with Certbot/Let’s Encrypt and proxies all traffic to Tymeslot on port 4000. The Upgrade and Connection headers are required for Phoenix LiveView WebSocket connections.
server {
    listen 80;
    server_name tymeslot.yourdomain.com;

    # Redirect all HTTP to HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name tymeslot.yourdomain.com;

    # TLS certificates — issued by Certbot / Let's Encrypt
    ssl_certificate     /etc/letsencrypt/live/tymeslot.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tymeslot.yourdomain.com/privkey.pem;

    # Recommended TLS settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Increase max body size for file uploads
    client_max_body_size 25M;

    location / {
        proxy_pass         http://127.0.0.1:4000;
        proxy_http_version 1.1;

        # Required for Phoenix LiveView WebSocket
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Pass real client IP to Phoenix
        proxy_set_header X-Real-IP        $remote_addr;
        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host             $host;

        # Increase timeouts for long-lived WebSocket connections
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
    }
}
After editing the config, test and reload Nginx:
sudo nginx -t
sudo systemctl reload nginx
To obtain a certificate with Certbot:
sudo certbot --nginx -d tymeslot.yourdomain.com

Summary checklist

After setting up your reverse proxy, verify the following before going live:
  • PHX_HOST is set to your public domain (without scheme or trailing slash)
  • URL_SCHEME=https is set
  • LISTEN_IP=127.0.0.1 is set (Nginx/Caddy — Traefik reaches the container over the Docker bridge network, so skip this when using Traefik)
  • TLS certificate is valid and auto-renewing
  • WebSocket connections work (open the app and check the browser console for WebSocket errors)
  • Generated URLs in password reset emails and booking confirmations use https://

Build docs developers (and LLMs) love