Add support for built-in HTTPS (#379)

* adding support for running temporal web using HTTPS based on ENV vars
temporalio · Sep 8, 2021 · b5f459a · b5f459a
1 parent c52829f
commit b5f459a
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -41,9 +41,12 @@ Optional TLS configuration variables:
 | TEMPORAL_TLS_ENABLE_HOST_VERIFICATION | Enables verification of the server certificate                      | true    |
 | TEMPORAL_TLS_SERVER_NAME              | Target server that is used for TLS host verification                |         |
 | TEMPORAL_TLS_REFRESH_INTERVAL         | How often to refresh TLS Certs, seconds                             | 0       |
+| TEMPORAL_WEB_TLS_CERT_PATH            | Certificate used to support HTTPS in the temporal web UI            |         |
+| TEMPORAL_WEB_TLS_KEY_PATH             | Private key for supporting HTTPS in the temporal web UI             |         |
 
 * To enable mutual TLS, you need to specify `TEMPORAL_TLS_KEY_PATH` and `TEMPORAL_TLS_CERT_PATH`.
 * For server-side TLS you need to specify only `TEMPORAL_TLS_CA_PATH`.
+* To Enable HTTPS in the temporal web UI, specify a `TEMPORAL_WEB_TLS_CERT_PATH` and a `TEMPORAL_WEB_TLS_CERT_PATH` value.
 
 By default we will also verify your server `hostname`, matching it to `TEMPORAL_TLS_SERVER_NAME`. You can turn this off by setting `TEMPORAL_TLS_ENABLE_HOST_VERIFICATION` to `false`.
 

diff --git a/server.js b/server.js
@@ -1,10 +1,26 @@
-var app = require('./server/index'),
-    port = Number(process.env.TEMPORAL_WEB_PORT) || 8088,
-    production = process.env.NODE_ENV === 'production'
+const app = require('./server/index'),
+  port = Number(process.env.TEMPORAL_WEB_PORT) || 8088,
+  production = process.env.NODE_ENV === 'production',
+  sslEnabled = process.env.TEMPORAL_WEB_TLS_CERT_PATH != null;
 
-app.init().listen(port)
+if (sslEnabled) {
+  const https = require('https');
+  const fs = require('fs');
+
+  console.log('temporal-web ssl is enabled');
+  https.createServer({
+      key: fs.readFileSync(process.env.TEMPORAL_WEB_TLS_KEY_PATH),
+      cert: fs.readFileSync(process.env.TEMPORAL_WEB_TLS_CERT_PATH),
+    }, 
+    app.init().callback()
+  ).listen(port);
+} else {
+  console.log('temporal-web ssl is not enabled');
+  app.init().listen(port);
+}
+
+console.log('temporal-web up and listening on port ' + port);
 
-console.log('temporal-web up and listening on port ' + port)
 if (!production) {
-  console.log('webpack is compiling...')
+  console.log('webpack is compiling...');
 }