Postgres ssl certificate in the final build
I need to secure connections to my Supabase database instance, and for that to happen I need to ship the CA / Root Certificate in the build directory so that the server can find it when running in a staging / production build.
What's the recommended way to achieve that?
7 Replies
Hi @Sergio Visinoni. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Based on the knowledge sources provided, I can offer some information related to your question about securing connections to your Supabase database instance with SSL certificates in a Wasp project. However, the sources don't provide a specific recommended way to ship the CA/Root Certificate in the build directory for staging/production builds.
That being said, there are a few relevant points to consider:
1. Wasp supports using external database hosting, including Supabase. As mentioned in a comment on a GitHub issue, a user successfully used a Supabase database via DATABASE_URL.
2. Wasp uses Prisma, which has support for SSL connections. In a past issue, Wasp updated Prisma to version 3.13 to support SSL 3.0, addressing some SSL-related problems Update prisma to 3.13 in order to have support for SSL 3.0.
3. For deploying to Heroku (which might be relevant for your staging/production builds), Wasp provides instructions for handling SSL connections. Specifically, it mentions setting an environment variable
PG_BOSS_NEW_OPTIONS with SSL options Docs > Advanced > Deployment > Deploying Manually.
4. Wasp allows customization of the Dockerfile used for builds. You might be able to use this feature to include your CA/Root Certificate in the build. You can find more information about this in the Docs > Advanced > Deployment > Overview.
While these points don't directly answer how to ship the CA/Root Certificate in the build directory, they suggest that Wasp has some flexibility in handling database connections and build processes. You might be able to use a combination of environment variables, custom Dockerfile instructions, and Prisma's SSL support to achieve your goal.
For a more specific solution, you may want to reach out to the Wasp community directly. As mentioned in the documentation, you can join their Discord for more detailed assistance with customization needs.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sergio Visinoni, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?@kapa.ai the question is not so specific about the PostgreSQL database. I just need a Wasp-compatible way of adding extra files to the target build directory for the server component. Any hints on how to do that the "right" way?
Let me check the knowledge base for you again. One moment! :books:
----------------------
I apologize for misunderstanding your initial question. Thank you for clarifying. Let me provide a more relevant answer based on the information available in the knowledge sources.
The most appropriate way to add extra files to the target build directory for the server component in a Wasp project is by customizing the Dockerfile. Wasp provides a feature that allows you to modify the default Dockerfile used for builds. Here's how you can do it:
1. Create a custom
Dockerfile in your project's root directory (the same folder where main.wasp is located).
2. Wasp will automatically use this custom Dockerfile instead of the default one when building your server.
3. In your custom Dockerfile, you can add commands to copy your extra files into the build directory.
This approach is described in the Wasp deployment documentation. The documentation states:
"You can add extra steps to this multi-stage Dockerfile by creating your own Dockerfile in the project's root directory. If Wasp finds a Dockerfile in the project's root, it appends its contents at the bottom of the default multi-stage Dockerfile."
To see what your project's (potentially combined) Dockerfile will look like, you can run:
This command will show you the final Dockerfile that will be used for the build, including your customizations.
When adding your custom commands, it's recommended to place them just above the npm run bundle line in the Dockerfile. This ensures that your files are copied into the build directory before the final bundling step.
Keep in mind that while this method allows you to add extra files to the build, you should be cautious about including sensitive information directly in the Docker image. For truly sensitive data like SSL certificates, using environment variables or secure secret management solutions might be more appropriate.
If you need more specific assistance or if this solution doesn't fully address your needs, the Wasp team encourages users to join their Discord for more detailed support.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sergio Visinoni, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?@kapa.ai is there a way to do it via either Vite or Npm so that's included in the
wasp start and wasp build commands?Let me check the knowledge base for you again. One moment! :books:
----------------------
Based on the knowledge sources provided, there isn't a direct way to include extra files in the server build directory using Vite or npm that would work seamlessly with both
wasp start and wasp build commands. However, I can provide some relevant information and potential workarounds:
1. Wasp projects now have a top-level package.json file, as mentioned in this GitHub issue. This means you can add dependencies and potentially use npm scripts, but there's no specific mention of using this for including extra files in the build.
2. For the client-side (frontend) of your Wasp app, there is a way to configure Vite to allow access to files outside its default serving directory. This is described in a Discord conversation where a user needed to include font files. The solution involves using resolveProjectPath from 'wasp/dev' and configuring Vite's server.fs.allow option. However, this solution is specific to the client-side and doesn't directly apply to the server build.
3. The most reliable way to include extra files in the server build remains customizing the Dockerfile, as mentioned in the previous answer. This works for wasp build but not for wasp start.
4. There's an open GitHub issue discussing support for static assets in Wasp projects. In a comment, a Wasp team member mentions the possibility of adding a special directory like server/assets/ that would be automatically copied to the built server code during wasp build. However, this feature is not yet implemented.
Given the current state of Wasp, there isn't a straightforward way to include extra files in both wasp start and wasp build using Vite or npm. The Wasp team seems to be aware of this limitation, and it might be addressed in future updates.
For now, you might need to use different approaches for development (wasp start) and production (wasp build) environments. For development, you could potentially use symlinks or manual file copying, while for production, you'd use the custom Dockerfile approach.
If this functionality is crucial for your project, I'd recommend reaching out to the Wasp team directly through their Discord to discuss potential workarounds or to inquire about future plans for this feature.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @Sergio Visinoni, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?For what it's worth I solved this by following the Docker approach, with a simple Dockerfile that looks like this
Hope this might benefit other people who might find themselves in a similar situation in the future.
The certiificats are in the
app/src/server/certs directory in my source treeHey @Sergio Visinoni this is known issue we want to tackle: https://github.com/wasp-lang/wasp/issues/1944
I've linked your proposed workaround in the issue as well 🙂
If you kept them in
src the files would get copied over to the .wasp/sdk folder, but that could change.
Going with the custom Dockerfile is one of the best way for now. Or having a step after wasp build e.g. in some bash script đź‘ŤGitHub
Provide better direct support for static content in Wasp · Issue #1...
We have some users that have content heavy apps: often it is a combo of an app and a blog of some kind (e.g. educational content). While we currently advise to use Wasp + something like Astro, this...