How to enable SSL in Temporal Web?

Hi

I have enabled mutual TLS for both frontend and internode communication. After that I am able to execute the workflow.
But I am not able to access Temporal Web at http://localhost:8088/namespaces/default/workflows?range=last-1-days&status=ALL
Is there any document explaining how to enable SSL in temporal web?

The web accepts env variables such as TEMPORAL_TLS_CERT_PATH, TEMPORAL_TLS_KEY_PATH and a few others to enable TLS.

You can find the info here: GitHub - temporalio/web: Temporal Web UI (click on the Optional TLS configuration variables)

Our docs on Temporal Web TLS currently lead to GitHub as well: Temporal Server security | Temporal

Hi Ruslan
Thanks for the reply

I did export TEMPORAL_TLS_CERT_PATH and TEMPORAL_TLS_KEY_PATH.
When I try to access the web console, I am getting the below error.
Please let me know your thoughts.

    temporal-web_1          | OperationalError: 2 UNKNOWN: Stream removed
    temporal-web_1          |     at Object.exports.createStatusError (/usr/app/node_modules/grpc/src/common.js:91:15)
    temporal-web_1          |     at Object.onReceiveStatus (/usr/app/node_modules/grpc/src/client_interceptors.js:1209:28)
    temporal-web_1          |     at InterceptingListener._callNext (/usr/app/node_modules/grpc/src/client_interceptors.js:568:42)
    temporal-web_1          |     at InterceptingListener.onReceiveStatus (/usr/app/node_modules/grpc/src/client_interceptors.js:618:8)
    temporal-web_1          |     at callback (/usr/app/node_modules/grpc/src/client_interceptors.js:847:24) {
    temporal-web_1          |   cause: Error: 2 UNKNOWN: Stream removed
    temporal-web_1          |       at Object.exports.createStatusError (/usr/app/node_modules/grpc/src/common.js:91:15)
    temporal-web_1          |       at Object.onReceiveStatus (/usr/app/node_modules/grpc/src/client_interceptors.js:1209:28)
    temporal-web_1          |       at InterceptingListener._callNext (/usr/app/node_modules/grpc/src/client_interceptors.js:568:42)
    temporal-web_1          |       at InterceptingListener.onReceiveStatus (/usr/app/node_modules/grpc/src/client_interceptors.js:618:8)
    temporal-web_1          |       at callback (/usr/app/node_modules/grpc/src/client_interceptors.js:847:24) {
    temporal-web_1          |     code: 2,
    temporal-web_1          |     metadata: Metadata { _internal_repr: {}, flags: 0 },
    temporal-web_1          |     details: 'Stream removed'
    temporal-web_1          |   },
    temporal-web_1          |   isOperational: true,
    temporal-web_1          |   code: 2,
    temporal-web_1          |   metadata: Metadata { _internal_repr: {}, flags: 0 },
    temporal-web_1          |   details: 'Stream removed'
    temporal-web_1          | }

My Compose file

    version: "3"
    services:
      temporal:
        image: temporalio/auto-setup:${SERVER_TAG:-1.3.2}
        ports:
          - "7233:7233"
        volumes:
          - ${DYNAMIC_CONFIG_DIR:-../config}:/etc/temporal/config
          - ${DYNAMIC_CONFIG_DIR:-../ssl}:/etc/temporal/config/ssl
        environment:
          - "DB=postgresql"
          - "DB_PORT=5432"
          - "POSTGRES_USER=postgres"
          - "POSTGRES_PWD=${PG_PWD}"
          - "POSTGRES_SEEDS=172.19.0.1"
          - "DYNAMIC_CONFIG_FILE_PATH=/etc/temporal/config/dynamicconfig"
          - "TEMPORAL_TLS_REQUIRE_CLIENT_AUTH=true"
          - "TEMPORAL_TLS_FRONTEND_CERT=/etc/temporal/config/ssl/temporal.crt"
          - "TEMPORAL_TLS_FRONTEND_KEY=/etc/temporal/config/ssl/temporal.key"
          - "TEMPORAL_TLS_CLIENT1_CA_CERT=/etc/temporal/config/ssl/temporal.crt"
          - "TEMPORAL_CLI_TLS_CERT=/etc/temporal/config/ssl/temporal.crt"
          - "TEMPORAL_CLI_TLS_KEY=/etc/temporal/config/ssl/temporal.key"
          - "TEMPORAL_TLS_SERVER_CERT=/etc/temporal/config/ssl/temporal.crt"
          - "TEMPORAL_TLS_SERVER_KEY=/etc/temporal/config/ssl/temporal.key"
          - "TEMPORAL_TLS_SERVER_CA_CERT=/etc/temporal/config/ssl/temporal.crt"
          - "LOG_LEVEL=debug"
      temporal-admin-tools:
        image: temporalio/admin-tools:${SERVER_TAG:-1.3.2}
        stdin_open: true
        tty: true
        environment:
          - "TEMPORAL_CLI_ADDRESS=temporal"
        depends_on:
          - temporal
      temporal-web:
        image: temporalio/web:${WEB_TAG:-1.3.0}
        volumes:
          - ../ssl:/ssl
        environment:
          - "TEMPORAL_GRPC_ENDPOINT=temporal:7233"
          - "TEMPORAL_TLS_CA_PATH=/ssl/temporal.crt"
          - "TEMPORAL_TLS_CERT_PATH=/ssl/temporal.crt"
          - "TEMPORAL_TLS_KEY_PATH=/ssl/temporal.key"
        ports:
          - "8088:8088"
        depends_on:
          - temporal


Web mTLS support was first added in v1.3.1: Release v1.3.1 · temporalio/web · GitHub

I would suggest using Web starting with v1.3.1, or preferably even v1.5.0+, since there were a few more changes to mTLS after v1.3.1.

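An added example, not part of the original thread or of the Temporal project's code: a small lint for the situation discussed here, where TEMPORAL_TLS_* variables are set on a temporalio/web image older than v1.3.1. The function names and the trimmed sample compose text are assumptions made for illustration.

```python
import re
MIN_WEB_MTLS = (1, 3, 1)  # first temporalio/web release with mTLS, per the reply above
TLS_VARS = ("TEMPORAL_TLS_CA_PATH", "TEMPORAL_TLS_CERT_PATH", "TEMPORAL_TLS_KEY_PATH")
# Constructed sample: trimmed from the compose file in the question.
SAMPLE = """\
services:
  temporal:
    image: temporalio/auto-setup:${SERVER_TAG:-1.3.2}
  temporal-web:
    image: temporalio/web:${WEB_TAG:-1.3.0}
    environment:
      - "TEMPORAL_TLS_CA_PATH=/ssl/temporal.crt"
      - "TEMPORAL_TLS_CERT_PATH=/ssl/temporal.crt"
      - "TEMPORAL_TLS_KEY_PATH=/ssl/temporal.key"
"""

def service_block(compose_text, name):
    """Return the body of one service, found by indentation (no YAML parser needed)."""
    lines = compose_text.splitlines()
    for i, line in enumerate(lines):
        if line.strip() == f"{name}:":
            indent = len(line) - len(line.lstrip())
            body = []
            for nxt in lines[i + 1:]:
                if nxt.strip() and len(nxt) - len(nxt.lstrip()) <= indent:
                    break
                body.append(nxt)
            return "\n".join(body)
    return ""

def web_version(block, env):
    """Resolve the temporalio/web tag, honouring ${VAR:-default}, to a version tuple."""
    m = re.search(r"image:\s*temporalio/web:(\S+)", block)
    tag = m.group(1) if m else ""
    sub = re.fullmatch(r"\$\{(\w+):-([^}]*)\}", tag)
    if sub:
        tag = env.get(sub.group(1)) or sub.group(2)
    ver = re.match(r"v?(\d+)\.(\d+)\.(\d+)", tag)
    return tuple(int(p) for p in ver.groups()) if ver else None

def check_web_mtls(compose_text, env=None):
    """Return a finding if TLS variables are set on a Web image older than v1.3.1."""
    block = service_block(compose_text, "temporal-web")
    tls = [v for v in TLS_VARS if re.search(rf"\b{v}=\S", block)]
    ver = web_version(block, env or {})
    if tls and ver is not None and ver < MIN_WEB_MTLS:
        return f"temporalio/web {'.'.join(map(str, ver))} predates mTLS (v1.3.1); set: {', '.join(tls)}"
    return None

print(check_web_mtls(SAMPLE))
```

Passing `{"WEB_TAG": "1.5.0"}` as `env` mirrors exporting `WEB_TAG` before `docker-compose up` and clears the finding.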