Open source web UI with https?

Hi,
I have followed the instructions here https://github.com/sensu/web and have the web UI running on port 80. In version 5 I had the certs defined in backend.yml and was able to access the UI with https on port 3000. Is there additional arguments that can be supplied to version 6 command line "NODE_ENV=production PORT=80 API_URL=https://xvm-7-022.newsbank.com:8080 yarn node scripts serve " to reach the goal of https?

Also, I don’t see a dashboard?
Thanks,
Patricia

It doesn’t look like they currently have https as a possibility. Take a look at the file scripts/serve.js, it is using the http module.

I googled “node.js https” and found they have a https module that can be used instead, and was able to modify the serve.js. I’m new to js apps though, so I can’t say if that was the best way to solve the problem, but it worked.

https://nodejs.org/api/https.html#https_https_createserver_options_requestlistener

Also in regards to the “dashboard”, maybe this post will answer your question:
https://discourse.sensu.io/t/sensu-go-oss-dashboard/1847/7

Just to say, I personally wouldn’t run the application directly on port 80 or 443 for anything other than to test it out, and absolutely not on the Internet. Instead, I’d put an nginx server “in front” of it and proxy requests to it. That rather simplifies the problem in so much as you can put your TLS certificate into Nginx and side-step any issues or the need to change anything in node.js.

For those of us running this on an Internet-connected server, using Nginx also means you can use something like fail2ban to keep the bots off your server. It makes things like LetsEncrypt easier too, if you’re using one of their certificates.

Yeah good point. I ended up using apache proxy and also https in node.js. CentOS doesn’t allow non-root processes to open 443 anyways (by default).

To easily secure the web UI you can put a proxy in front of it, such as Nginx, and terminate SSL on that.

One thing to note is that if your backend API is SSL’d, I couldn’t get it to work without disabling SSL certificate verification by modifying serve.js like so:

--- serve.js.orig	2020-09-10 17:28:51.141567866 -0400
+++ serve.js	2020-09-11 14:38:13.571734407 -0400
@@ -23,6 +23,7 @@
 app.use(
   proxy(proxyPaths, {
     target: apiUrl,
+    secure: false,
     logLevel: process.env.NODE_ENV === "development" ? "silent" : "info",
   }),
 );