RI-5036: Ensure tls cert and key work from file path or as env variable

Author: nelsonwellsredis

Dockerfile

@@ -43,9 +43,15 @@ FROM node:18.18-alpine
 
 # runtime args and environment variables
 ARG NODE_ENV=production
+ARG RI_HOSTNAME
+ARG RI_APP_PORT=5000
+ARG RI_SERVER_TLS
 ARG RI_SERVER_TLS_CERT
 ARG RI_SERVER_TLS_KEY
 ARG SEGMENT_WRITE_KEY
+ENV RI_HOSTNAME=${RI_HOSTNAME}
+ENV RI_APP_PORT=${RI_APP_PORT}
+ENV RI_SERVER_TLS=${RI_SERVER_TLS}
 ENV RI_SERVER_TLS_CERT=${RI_SERVER_TLS_CERT}
 ENV RI_SERVER_TLS_KEY=${RI_SERVER_TLS_KEY}
 ENV SEGMENT_WRITE_KEY=${SEGMENT_WRITE_KEY}

redisinsight/api/src/main.ts

@@ -14,6 +14,7 @@ import { WindowsAuthAdapter } from 'src/modules/auth/window-auth/adapters/window
 import { AppModule } from './app.module';
 import SWAGGER_CONFIG from '../config/swagger';
 import LOGGER_CONFIG from '../config/logger';
+import { createHttpOptions } from './utils/createHttpOptions';
 
 const serverConfig = get('server') as Config['server'];
 
@@ -33,10 +34,7 @@ export default async function bootstrap(): Promise<IApp> {
   };
 
   if (serverConfig.tls && serverConfig.tlsCert && serverConfig.tlsKey) {
-    options.httpsOptions = {
-      key: JSON.parse(`"${serverConfig.tlsKey}"`),
-      cert: JSON.parse(`"${serverConfig.tlsCert}"`),
-    };
+    options.httpsOptions = await createHttpOptions(serverConfig);
   }
 
   const app = await NestFactory.create<NestExpressApplication>(
@@ -70,7 +68,9 @@ export default async function bootstrap(): Promise<IApp> {
 
   await app.listen(port, serverConfig.listenInterface);
   logger.log({
-    message: `Server is running on http(s)://localhost:${port}`,
+    message: `Server is running on http(s)://${
+      serverConfig.listenInterface ?? 'localhost'
+    }:${port}`,
     context: 'bootstrap',
   });
 

redisinsight/api/src/utils/createHttpOptions.ts

@@ -0,0 +1,33 @@
+import { readFile } from 'fs/promises';
+import { Config } from '.';
+
+export const createHttpOptions = async (serverConfig: Config['server']) => {
+  const { tlsKey, tlsCert } = serverConfig;
+
+  try {
+    const [key, cert] = await Promise.all([
+      readFile(tlsKey, { encoding: 'utf-8' }),
+      readFile(tlsCert, { encoding: 'utf-8' }),
+    ]);
+    return {
+      key,
+      cert,
+    };
+  } catch (e) {
+    /* if this throws, it could mean
+        1. the tlsKey and tlsCert provided by the config were actually certificates in PEM format, not file paths or
+        2. there were issues reading the files (wrong path, permissions, etc.)
+
+       nothing to do in this case except assume PEM format and let the calling code throw if that doesn't work either */
+  }
+
+  // for docker and perhaps other environments, multi-line env vars are problematic, so if there are escaped new-lines
+  // in the key or cert, replace them with proper newlines
+  const key = tlsKey.replace(/\\n/g, '\n');
+  const cert = tlsCert.replace(/\\n/g, '\n');
+
+  return {
+    key,
+    cert,
+  };
+};