feat(server): allow to use ssl on server #8722
Merged
+172
−17
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Replaced individual environment-based server URL retrievals with a centralized ServerUrl utility. This change simplifies URL management and ensures a consistent approach across different services. Added validation for SSL configurations when using HTTPS.
Removed standalone ServerUrl and integrated with combined ServerUrl/ApiUrl module. Refactored codebase to use ApiUrl for public network accessibility and adjusted corresponding imports.
Renamed utils file for better readability and consistency. Updated all references to the new file name and added unit tests for ServerUrl and ApiUrl functionalities.
Move the reset of ServerUrl and ApiUrl to beforeEach in tests to ensure clean state before each test runs. Update example SSL_KEY_PATH and SSL_CERT_PATH to use relative paths for more portability.
Import the ApiUrl module and set the local URL in the setup function. This ensures the tests have the correct API endpoint configured.
Reordered import statements in `workspace-invitation.service.spec.ts` for improved code organization. This change ensures that dependencies are imported in a more logical sequence.
Included API_URL in self-hosting documentation for public endpoint configuration. This helps developers set up the correct URLs for API interactions in their self-hosted environments.
Removed protocol check logic from main.ts and enforced URL validation to require protocol directly in environment variables definition. This ensures consistent and secure URL formats throughout the application.
Add a new Bash script for generating self-signed SSL certificates, including a README with instructions. Supports customizable domain, root certificate name, and validity period, and integrates root certificate into macOS keychain.
Deleted the now-redundant server-and-api-urls utility and its tests. Replaced all references with `environmentService.get('SERVER_URL')` to simplify the configuration management.
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Summary
This PR adds SSL/HTTPS support to the Twenty server through self-signed certificates, including environment configuration and a certificate generation script.
- Added SSL certificate generation script
scripts/ssl-generation/script.shwith macOS keychain integration and 825-day validity period - New environment variables
SSL_KEY_PATHandSSL_CERT_PATHin.env.examplefor configuring HTTPS server - Modified
main.tsto enable HTTPS when SSL paths are provided in environment variables - Improved URL handling in SSO service using URL class for proper protocol support
- Security consideration: Script stores sensitive keys in home directory and requires sudo access for macOS keychain
6 file(s) reviewed, 10 comment(s)
Edit PR Review Bot Settings | Greptile
| cd $CERTS_DIR | ||
|
|
||
| # Generate the private key for the Certificate Authority (CA) | ||
| openssl genrsa -des3 -out ${ROOT_CERT_NAME}.key 2048 |
There was a problem hiding this comment.
logic: -des3 is deprecated and considered insecure. Use -aes256 instead for the root CA key encryption.
packages/twenty-server/src/engine/core-modules/environment/environment-variables.ts
Show resolved
Hide resolved
Eliminated redundant FRONT_AUTH_CALLBACK_URL environment variable from auth controller, environment variables, and documentation. Updated error handling to directly redirect to the verification page.
Cleaned up the main.ts file by removing the unused server URL configuration logic. Updated SSL generation script and documentation to change certificate validity days to 398 and switched to aes256 for key generation.
packages/twenty-server/src/engine/core-modules/environment/environment-variables.ts
Outdated
Show resolved
Hide resolved
packages/twenty-server/src/engine/core-modules/environment/environment-variables.ts
Show resolved
Hide resolved
charlesBochet
approved these changes
Nov 26, 2024
Changed default SERVER_URL from 'http://localhost' to 'http://localhost:3000'. This ensures the server runs on port 3000 by default for better compatibility with existing setups.
|
Thanks @AMoreaux for your contribution! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.