search

superstreamlabs / memphis

Memphis.dev is a highly scalable and effortless data streaming platform
https://docs.memphis.dev
Other
3.23k stars 217 forks source link

Feature: Add secure websocket (wss) support for the UI #969

Open dev-viinz opened 1 year ago

dev-viinz commented 1 year ago

Current behavior

When using the UI with https the websocket connection is trying to connect via wss, but fails.

Suggested solution

Support wss so that the UI can be used fully with https.

Additional context

No response

Code of Conduct

yanivbh1 commented 1 year ago

@idanasulinmemphis Can you share more information?

dev-viinz commented 1 year ago

I dug through the frontend a bit, and found that a possible solution would be to let the user set a custom websocket URL and PORT. That way we could easily proxy the connection with our own certificates. I am not really experienced enough with react or go for that matter to comfortably contribute. But i found that we'd need some way of adjusting this variable here: https://github.com/memphisdev/memphis/blob/33b3e5a6531b27bf046b43b8a2ff0e5f6ded05a6/ui_src/src/config.js#L17

and this one: https://github.com/memphisdev/memphis/blob/33b3e5a6531b27bf046b43b8a2ff0e5f6ded05a6/ui_src/src/App.js#L81

Just an idea I had, and something that would be a good solution for me ¯\(ツ)

idanasulin2706 commented 1 year ago

For those users who wants to be able to run Memphis via docker and accessing the UI through a reverse proxy + https, we should allow to add certificates as supported when deploying Memphis with Helm. Until then users who run Memphis this way experience issue with the UI which can not connect with the WS server

francbartoli commented 10 months ago

@idanasulinmemphis a regular reverse proxy with non-root location is confirmed to not being supported (see discord discussion https://discord.com/channels/963333392844328961/1171880661406195733). It is beneficial when it is deployed among an ecosystem of different microservices under the same public FQDN. However, SSL offloading can be managed at reverse proxy level with tools like Traefik, nginx, Caddy, etc IMHO

@yanivbh1 do you think I should open another dedicated ticket for the feature request of reverse proxy support?

yanivbh1 commented 10 months ago

Hey @francbartoli , in case it does not appear here https://memphis.dev/roadmap the answer is yes. Adding @valeraBr and @bkochauri-memphis as well. Thanks!