feat: support ssl on local with self signed url #2903

Open
wants to merge 6 commits into base: dev
Changes from 3 commits
1 change: 1 addition & 0 deletions apps/backoffice-v2/vite.config.ts
@@ -12,6 +12,7 @@ export default defineConfig(configEnv => {
open: true,
host: true,
port: 5137,
cors: true,
// port: 443,
// https: true,
},
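Review bot: `cors: true` enables the Vite dev server's default permissive CORS policy (any origin), and together with `host: true`, which binds the dev server to all interfaces, it answers cross-origin requests from any machine that can reach port 5137. The origins here are known (the Caddy-fronted *.local hosts), so restrict it to them, for example `cors: { origin: /\.local$/ }`, instead of opening it to everything. The commented-out `// port: 443` and `// https: true` lines are superseded by the proxy and can be deleted rather than left in.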
30 changes: 30 additions & 0 deletions services/workflows-service/Caddyfile
@@ -0,0 +1,30 @@
myapp.local {

reverse_proxy http://host.docker.internal:3000
tls internal
}
Comment on lines +1 to +5
Contributor
🛠️ Refactor suggestion

Add security headers and CORS configuration.

While the basic reverse proxy setup works, consider enhancing security by adding standard security headers and CORS configurations for local development. This will better mirror production security requirements.

Add these configurations to each domain block:

 myapp.local {
     reverse_proxy http://host.docker.internal:3000
     tls internal
+    header {
+        # Security headers
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        X-Content-Type-Options "nosniff"
+        X-Frame-Options "DENY"
+        Referrer-Policy "strict-origin-when-cross-origin"
+        # CORS headers for local development
+        Access-Control-Allow-Origin "*"
+        Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
+        Access-Control-Allow-Headers "*"
+    }
 }

Also applies to: 7-10, 12-17, 19-22, 24-27


backoffice.local {
reverse_proxy http://host.docker.internal:5137
root * /srv
try_files {path} /index.html
file_server
tls internal
}

workflow.local {


reverse_proxy http://host.docker.internal:5200
tls internal
}

kyb.local {
reverse_proxy http://host.docker.internal:5201
tls internal
}

kyc.local {
reverse_proxy http://host.docker.internal:5202
tls internal
}
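Review bot: in the `backoffice.local` block the `root * /srv`, `try_files {path} /index.html` and `file_server` lines conflict with the unmatched `reverse_proxy` to port 5137. Nothing in docker-compose.yml mounts anything at /srv, so the file matcher behind `try_files` never matches and `file_server` is never reached because `reverse_proxy` handles every request first; the three lines are dead config today, and if a /srv/index.html ever appeared, `try_files` (which runs before `reverse_proxy` in Caddy's directive order) would start rewriting Vite asset requests to /index.html. Drop them, or scope them with a matcher. Also document the two host-side steps this file depends on: an /etc/hosts entry for each of the five *.local names (the `extra_hosts` entries in docker-compose.yml only affect resolution inside the container) and trusting the local CA that `tls internal` generates (`caddy trust`, or importing the root from the `caddy_data` volume) so browsers accept the certificates. One caveat on the suggestion above: `Access-Control-Allow-Origin "*"` is rejected by browsers on credentialed requests, so it will not work for calls that carry the session cookie; list the concrete *.local origins instead.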
21 changes: 21 additions & 0 deletions services/workflows-service/docker-compose.yml
@@ -1,5 +1,20 @@
version: '3'
services:
caddy:
image: caddy:latest
Contributor

⚠️ Potential issue

Avoid using 'latest' tag for Caddy image.

Using the latest tag can lead to unexpected behavior when the image is updated. Specify a fixed version for better reproducibility and stability.

-    image: caddy:latest
+    image: caddy:2.7.6
container_name: caddy_server
ports:
- '443:443' # Expose HTTPS
- '80:80' # Expose HTTP (optional, redirects to HTTPS)
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro # Mount the Caddyfile
- caddy_data:/data # Persist Caddy data
- caddy_config:/config
extra_hosts:
- myapp.local:host-gateway
- backoffice.local:host-gateway
- host.docker.internal:host-gateway

server:
build:
context: .
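Review bot: `'443:443'` and `'80:80'` publish Caddy on every host interface, so the whole local stack, and every upstream listed in the Caddyfile, becomes reachable from the LAN; since this is a development-only proxy, bind to loopback with `'127.0.0.1:443:443'` and `'127.0.0.1:80:80'`. Separately, the local CA's root key that `tls internal` creates is persisted in the `caddy_data` volume (under /data/caddy/pki/authorities/local); once that root is trusted on a developer's machine, anyone who can read the volume can mint certificates that machine's browser accepts, so treat the volume as sensitive and never share or commit it. `version: '3'` is obsolete in Compose v2 and can be removed.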
@@ -63,3 +78,9 @@ services:
retries: 10
volumes:
postgres15: ~
caddy_config:
caddy_data:
networks:
mynetwork:
external: true
name: host
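Review bot: the new `networks:` block declares `mynetwork` as the external `host` network, but no service in the file joins it, so it currently does nothing. If the intent is to put `caddy` on host networking, the `ports:` mappings above become meaningless (host-mode containers do not publish ports) and the `host.docker.internal` upstreams in the Caddyfile are no longer needed; either remove the block or attach the intended service and drop the port mappings, not both.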
6 changes: 3 additions & 3 deletions services/workflows-service/src/main.ts
@@ -98,9 +98,9 @@ const main = async () => {
cookieSession({
name: 'session',
keys: [env.SESSION_SECRET],
httpOnly: env.ENVIRONMENT_NAME === 'production',
secure: false,
sameSite: env.ENVIRONMENT_NAME === 'production' ? 'strict' : false,
httpOnly: env.ENVIRONMENT_NAME === 'local',
secure: env.ENVIRONMENT_NAME !== 'local' ? true : false,
sameSite: env.ENVIRONMENT_NAME !== 'local' ? 'strict' : false,
maxAge: 1000 * 60 * env.SESSION_EXPIRATION_IN_MINUTES,
}),
);
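Review bot: the `httpOnly` line inverts the previous behaviour. `env.ENVIRONMENT_NAME === 'local'` makes the session cookie HttpOnly only in local and script-accessible in every other environment, including production, where the old `=== 'production'` check protected it; a server-side session cookie has no reason to be readable from JavaScript, so set `httpOnly: true` unconditionally. `secure: env.ENVIRONMENT_NAME !== 'local' ? true : false` simplifies to `secure: env.ENVIRONMENT_NAME !== 'local'`, and since the point of this PR is to serve local over HTTPS through Caddy, consider `secure: true` and `sameSite: 'strict'` (or `'lax'`) in local as well, provided the app is only reached through the proxy, so the cookie attributes exercised locally match production.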