@philipliu philipliu commented Nov 27, 2025

What

This adds an HTTPS mode to the setup wizard. The protocol is set at the .env level, meaning a profile created with HTTPS cannot be used over HTTP later, and vice versa.

Why

HTTPS is required to work with passkeys in a multitenant setup. It's been implemented in the feature/c-accounts branch in the dev/main.sh script, but needs to be ported to the setup wizard.

Known limitations

N/A

Checklist

  • Title follows SDP-1234: Add new feature or Chore: Refactor package xyz format. The Jira ticket code was included if available.
  • PR has a focused scope and doesn't mix features with refactoring
  • Tests are included (if applicable)
  • CHANGELOG.md is updated (if applicable)
  • CONFIG/SECRETS changes are updated in helmcharts and deployments (if applicable)
  • Preview deployment works as expected
  • Ready for production

@philipliu philipliu temporarily deployed to Receiver Registration - E2E Integration Tests (Stellar) November 27, 2025 02:07 — with GitHub Actions Inactive
@philipliu philipliu temporarily deployed to Internal SEP Tests November 27, 2025 02:07 — with GitHub Actions Inactive

@philipliu philipliu temporarily deployed to Internal SEP Tests November 27, 2025 18:10 — with GitHub Actions Inactive
@philipliu philipliu temporarily deployed to Receiver Registration - E2E Integration Tests (Stellar) November 27, 2025 18:10 — with GitHub Actions Inactive

@philipliu philipliu temporarily deployed to Receiver Registration - E2E Integration Tests (Stellar) November 27, 2025 18:21 — with GitHub Actions Inactive
@philipliu philipliu temporarily deployed to Internal SEP Tests November 27, 2025 18:21 — with GitHub Actions Inactive

@philipliu philipliu marked this pull request as ready for review November 27, 2025 18:32
Copilot AI review requested due to automatic review settings November 27, 2025 18:32

Copilot AI left a comment


Pull request overview

This PR adds HTTPS support to the setup wizard for the Stellar Disbursement Platform. The feature enables developers to run the dashboard over HTTPS, which is required for WebAuthn/passkeys functionality in multi-tenant deployments. The HTTPS mode is configured at the .env file level, meaning once a profile is created with HTTPS, it cannot be switched to HTTP (and vice versa) without regenerating the configuration.

Key changes:

  • Adds an HTTPS selection phase to the setup wizard workflow
  • Configures docker-compose to conditionally include an nginx HTTPS proxy
  • Updates configuration management to track HTTPS state and generate appropriate URLs

Reviewed changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated 6 comments.

| File | Description |
| --- | --- |
| tools/sdp-setup/internal/workflow/setup_workflow.go | Adds new phase for HTTPS selection in setup wizard, prompts user to choose between HTTP and HTTPS |
| tools/sdp-setup/internal/tenant/service.go | Updates tenant creation and login hints to use dynamic frontend URLs based on HTTPS configuration |
| tools/sdp-setup/internal/docker/service.go | Adds HTTPS certificate validation and conditionally includes HTTPS compose file when starting stack |
| tools/sdp-setup/internal/config/env.go | Adds USE_HTTPS config field, FrontendProtocol/Port tracking, and FrontendBaseURL helper method |
| dev/nginx-https.conf | New nginx reverse proxy configuration for HTTPS with TLS termination and HTTP->HTTPS redirect |
| dev/docker-compose-https-frontend.yml | New compose file that adds nginx proxy service listening on port 3443 for HTTPS access |
| dev/README.md | Documents HTTPS setup prerequisites including mkcert installation and certificate generation |
| CHANGELOG.md | Documents the new HTTPS mode feature in the Unreleased section |
| .gitignore | Ignores dev/certs/ directory containing locally generated TLS certificates |


@philipliu philipliu temporarily deployed to Receiver Registration - E2E Integration Tests (Stellar) November 27, 2025 18:48 — with GitHub Actions Inactive
@philipliu philipliu temporarily deployed to Internal SEP Tests November 27, 2025 18:48 — with GitHub Actions Inactive

@marwen-abid marwen-abid left a comment


LGTM! Tested successfully

🎉🎉🎉🎉 SUCCESS! 🎉🎉🎉🎉
Single tenant mode - Login URL:
🔗Default tenant: https://localhost:3443
  username: [email protected]  password: Password123!

mkcert -key-file dev/certs/stellar.local-key.pem -cert-file dev/certs/stellar.local.pem \
"*.stellar.local" localhost 127.0.0.1 ::1
```
3. When the setup wizard asks, choose HTTPS.
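
Review bot: the mkcert command writes the private key to dev/certs/stellar.local-key.pem, but the visible steps do not tell the reader to keep that file local. Suggest a line after the command noting that dev/certs/ is gitignored and that the key must not be committed or shared. Step 3 could also state that the HTTP/HTTPS choice is stored in the profile's .env, so a profile created with HTTPS cannot be used over HTTP later.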

Great instructions!

@philipliu philipliu merged commit bef8429 into develop Nov 27, 2025
15 checks passed
@philipliu philipliu deleted the philip/https-wizard branch November 27, 2025 21:32