feat: use mtls between frontend and backend #37
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CammilleCC
force-pushed
the
fix/real-time-updates
branch
from
ca7a09e to
57215c4
Compare
RobertRosca
force-pushed
the
feat/real-time-updates-mtls
branch
5 times, most recently
from
55532f5 to
b3f3d98
Compare
previously websockets true flag was ignored
CammilleCC
force-pushed
the
feat/real-time-updates-mtls
branch
from
b3f3d98 to
4018916
Compare
CammilleCC
reviewed
Nov 14, 2024
CammilleCC
reviewed
Nov 14, 2024
Co-authored-by: Cammille Carinan <[email protected]>
Ensures that the file exists
CammilleCC
reviewed
Dec 17, 2024
| ) | ||
| } | ||
|
|
||
| const baseURL = new URL(VITE_URL) |
There was a problem hiding this comment.
We should probably avoid hardcoding the URL with the host and the port, as it might be best for it to be dynamic and accounting in which machine it is run (host), and the supplied port that could also come from the CLI argument.
The VITE_BASE_URL from before is for custom base path such as localhost:port/<BASE_URL>, which follows the following notation on https://vite.dev/config/shared-options.html#base. It is stored as environment variable as the proxies should also follow e.g., localhost:port/<BASE_URL>/graphql. Maybe the BASE_URL name was a bit misleading, sorry about that!
| key: fs.readFileSync(path.resolve(__dirname, VITE_MTLS_KEY)), | ||
| cert: fs.readFileSync(path.resolve(__dirname, VITE_MTLS_CERT)), | ||
| ca: fs.readFileSync(path.resolve(__dirname, VITE_MTLS_CA)), | ||
| } |
There was a problem hiding this comment.
I've tested locally, I found that adding these two helps making things compatible:
Suggested change
| } | |
| secureProtocol: "TLSv1_2_method", | |
| ciphers: [ | |
| "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", | |
| "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", | |
| ].join(":"), | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
MR sets up API server to only communicate via mTLS and configures the frontend to proxy requests through with the required certificates.
TODO: