feat(spa): opt-in 'https' nx serve config for dev-server TLS
Entra refuses http: redirect URIs for any host other than localhost,
which blocked the ADR-0030 dockerised dev mode the moment a developer
tried to share the stack with another teammate via a hostname (e.g.
apf-portal.dev.local). Add an opt-in 'https' Nx serve configuration
on both SPAs so the dev-server can terminate TLS using a mkcert cert,
and let the apps Compose profile pick the configuration via an env
var so behaviour stays unchanged by default.
- apps/portal-{shell,admin}/project.json: new https configuration
inheriting development + ssl/sslKey/sslCert at .secrets/dev-tls.*.
- infra/local/dev.compose.yml: shell + admin commands gain
--configuration=${NX_SERVE_CONFIGURATION:-development}, interpolated
from infra/local/.env at parse time.
- infra/local/.env.example: NX_SERVE_CONFIGURATION block + rationale.
- apps/portal-bff/.env.example: comment block above the ENTRA_*_
REDIRECT_URI defaults shows the https hostname override pattern and
reminds that each URI must be registered Entra-side.
- infra/README.md: new HTTPS dev-server setup subsection covering
mkcert install, cert generation, the .secrets/ convention, the
Entra step, and how to flip NX_SERVE_CONFIGURATION on.
Native WSL / localhost is unaffected: defaultConfiguration stays
development, no SSL files required, existing Entra localhost URIs
work as before. BFF stays plain HTTP behind the SPA proxy.
This commit is contained in:
@@ -92,6 +92,12 @@
|
||||
},
|
||||
"development": {
|
||||
"buildTarget": "portal-shell:build:development"
|
||||
},
|
||||
"https": {
|
||||
"buildTarget": "portal-shell:build:development",
|
||||
"ssl": true,
|
||||
"sslKey": ".secrets/dev-tls.key",
|
||||
"sslCert": ".secrets/dev-tls.pem"
|
||||
}
|
||||
},
|
||||
"defaultConfiguration": "development"
|
||||
|
||||
Reference in New Issue
Block a user