Portal integration#2
Conversation
There was a problem hiding this comment.
Pull request overview
This PR integrates the Explorer local stack with the portal-oriented local development flow by switching local URLs to HTTPS and explorer.corporanet.local, adding portal network attachment, and relaxing CSP frame embedding for a frontend origin.
Changes:
- Switch example local Explorer env values from
localhost/HTTP toexplorer.corporanet.local/HTTPS. - Add Docker build support for local self-signed SSL nginx configuration.
- Update compose networking to attach Explorer to the portal
corporanetnetwork.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
server/ecs/app.py |
Changes CSP frame-ancestors to use FRONTEND_URL. |
hosted/Dockerfile |
Adds OpenSSL and conditional self-signed certificate/nginx SSL config setup. |
docker-compose.yml |
Adds SSL build arg, removes Explorer dependency on localstack, and attaches Explorer to portal network. |
.gitignore |
Ignores local nginx SSL config. |
.env.explorer.example |
Updates Explorer local domains/protocol and adds FRONTEND_URL. |
.env.example |
Enables local SSL certificate generation by default. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| COPY hosted/nginx.ssl.conf* /etc/nginx/nginx.ssl.conf | ||
| ARG LOCALHOST_SSL_CERT=false | ||
| # Generate self-signed SSL certificate only when LOCALHOST_SSL_CERT=true | ||
| RUN if [ "$LOCALHOST_SSL_CERT" = "true" ]; then \ | ||
| mv /etc/nginx/nginx.ssl.conf /etc/nginx/nginx.conf; \ |
There was a problem hiding this comment.
Fixed, COPY hosted/nginx.ssl.conf* /etc/nginx/, then if using local ssl cert, overwrite /etc/nginx/nginx.conf by /etc/nginx/nginx.ssl.conf
| "object-src": ["'none'"], | ||
| "base-uri": ["'none'"], | ||
| "frame-ancestors": ["'none'"], | ||
| "frame-ancestors": [os.getenv("FRONTEND_URL")], |
There was a problem hiding this comment.
Fixed, only setting frame-ancestors when FRONTEND_URL existed
| -keyout /etc/ssl/private/nginx-selfsigned.key \ | ||
| -out /etc/ssl/certs/nginx-selfsigned.crt \ | ||
| -days 3650 \ | ||
| -subj "/CN=explorer.corporanet.local"; \ |
| single-cell-data-portal_corporanet: | ||
| aliases: | ||
| - explorer.corporanet.local |
There was a problem hiding this comment.
localstack has been removed from the section of depends_on in explorer service
| networks: | ||
| corporanet: | ||
| single-cell-data-portal_corporanet: | ||
| external: true |
| "object-src": ["'none'"], | ||
| "base-uri": ["'none'"], | ||
| "frame-ancestors": ["'none'"], | ||
| "frame-ancestors": [os.getenv("FRONTEND_URL")], | ||
| } |
There was a problem hiding this comment.
Fixed, if no FRONTEND_URL, will use "'none'"
| process.env.DEPLOYMENT_TYPE !== "vcp-hosted" && | ||
| process.env.USE_FOR_PORTAL === "false" && ( |
| COPY hosted/nginx.conf /etc/nginx/nginx.conf | ||
| COPY hosted/nginx.ssl.conf* /etc/nginx/nginx.ssl.conf | ||
| ARG LOCALHOST_SSL_CERT=false | ||
| # Generate self-signed SSL certificate only when LOCALHOST_SSL_CERT=true | ||
| RUN if [ "$LOCALHOST_SSL_CERT" = "true" ]; then \ | ||
| mv /etc/nginx/nginx.ssl.conf /etc/nginx/nginx.conf; \ | ||
| openssl req -x509 -newkey rsa:4096 -nodes \ |
There was a problem hiding this comment.
Fixed, copy into a directory instead of a target file
| - BUILDKIT_INLINE_CACHE=1 | ||
| - IMAGE_TAG | ||
| - BASE_IMAGE=${BASE_IMAGE} | ||
| - LOCALHOST_SSL_CERT=${LOCALHOST_SSL_CERT} |
There was a problem hiding this comment.
Fixed, add in args in docker-compose
| - BASE_IMAGE=${BASE_IMAGE} | ||
| - LOCALHOST_SSL_CERT=${LOCALHOST_SSL_CERT} | ||
| restart: always | ||
| depends_on: | ||
| - localstack | ||
| env_file: | ||
| - ./.env.explorer | ||
| ports: |
There was a problem hiding this comment.
explorer does not use this localstack anymore, it will use localstack from portal
| single-cell-data-portal_corporanet: | ||
| aliases: | ||
| - explorer.corporanet.local | ||
| networks: | ||
| corporanet: | ||
| single-cell-data-portal_corporanet: | ||
| external: true |
There was a problem hiding this comment.
Fixed as suggestion
| "base-uri": ["'none'"], | ||
| "frame-ancestors": ["'none'"], | ||
| "frame-ancestors": [os.getenv("FRONTEND_URL")], | ||
| } |
There was a problem hiding this comment.
It works with the setting for frame-ancestors, because frame-ancestors has a higher priority compared frame-options
//—------------------------------------------
// 1) Explorer uses local stack from portal
//—------------------------------------------
Update docker-compose.yml
//—------------------------------------------
// 2) Change from http to https
//—------------------------------------------
env
env.explorer
docker-compose.yml
hosted/Dockerfile
Add file hosted/nginx.ssl.conf
listen 5000 ssl;
//—------------------------------------------
// 3) Explorer uses explorer.corporanet.local instead of localhost
//—------------------------------------------
Run this command:
sudo bash -c 'cat >> /etc/hosts << EOF
127.0.0.1 explorer.corporanet.local
EOF'
env.explorer
//—------------------------------------------
// 4) To use explorer in portal, we need to change from "frame-ancestors": ["'none'"], to "frame-ancestors": [os.getenv("FRONTEND_URL")],
env.explorer
server/ecs/app.py
//—------------------------------------------
So, with these updates, explorer can run at localhost using https://explorer.corporanet.local:5500/e/test.cxg/
Note: For these files .env.example, .env.explorer.example, and nginx.ssl.conf.example, please change their names by removing .example at the end, then review and update the correct information before running at local