Temporal is a distributed, scalable, durable, and highly available orchestration engine we developed at Uber Engineering to execute asynchronous long-running business logic in a scalable and resilient way.
This web UI is used to view workflows from Temporalio, see what's running, and explore and debug workflow executions.
Set these environment variables if you need to change their defaults
| Variable | Description | Default |
|---|---|---|
| TEMPORAL_GRPC_ENDPOINT | String representing server gRPC endpoint | 127.0.0.1:7233 |
| TEMPORAL_WEB_PORT | HTTP port to serve on | 8088 |
| TEMPORAL_PERMIT_WRITE_API | Boolean to permit write API methods such as Terminating Workflows | true |
| TEMPORAL_HOT_RELOAD_PORT | HTTP port used by hot reloading in development | 8081 |
| TEMPORAL_HOT_RELOAD_TEST_PORT | HTTP port used by hot reloading in tests | 8082 |
| TEMPORAL_SESSION_SECRET | Secret used to hash the session with HMAC | "ensure secret in production" |
| TEMPORAL_EXTERNAL_SCRIPTS | Additional JavaScript tags to serve in the UI |
Optional TLS configuration variables:
| Variable | Description | Default |
|---|---|---|
| TEMPORAL_TLS_CA_PATH | Certificate authority (CA) certificate for the validation of server | |
| TEMPORAL_TLS_KEY_PATH | Private key for secure communication with the server | |
| TEMPORAL_TLS_CERT_PATH | Certificate for the server to validate the client (web) identity | |
| TEMPORAL_TLS_ENABLE_HOST_VERIFICATION | Enables verification of the server certificate | true |
| TEMPORAL_TLS_SERVER_NAME | Target server that is used for TLS host verification |
To enable TLS, you need to specify TEMPORAL_TLS_CA_PATH, TEMPORAL_TLS_KEY_PATH, and TEMPORAL_TLS_CERT_PATH.
By default we will also verify your server hostname, matching it to TEMPORAL_TLS_SERVER_NAME. You can turn this off by setting TEMPORAL_TLS_ENABLE_HOST_VERIFICATION to false.
⚠️ This is currently a beta feature, please report any and all issues to us!
Since v1.3, Temporal Web offers optional OAuth SSO authentication. You can enable it in 2 steps:
-
Edit the
server/config.ymlfile:auth: enabled: true # Temporal Web checks this first before reading your provider config providers: - label: 'googleoidc' type: oidc issuer: https://accounts.google.com client_id: xxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com client_secret: xxxxxxxxxxxxxxxxxxxxxxx callback_base_uri: http://localhost:8088
Providing
config.ymlto Docker imageIf you are running Temporal Web from the docker image, you can provide your external config.yml to docker to override the internal config. Create config.yml file on your machine, for example at
~/Desktop/config.yml. Start the docker image, providing the path to your config.yml file using external volume flag (-v). Leave the path after the semicolon as is:docker run --network host -v ~/Desktop/config.yml:/usr/app/server/config.yml temporalio/web:latestIn future, multiple Oauth providers may be supported, however for now we only read the first Oauth provider under the
providerskey above.Common Oauth Providers and their docs:
- Google: https://developers.google.com/identity/protocols/oauth2/openid-connect
- Auth0: https://auth0.com/docs/protocols/configure-okta-as-oauth2-identity-provider
- Okta: https://help.okta.com/en/prod/Content/Topics/Apps/Apps_App_Integration_Wizard_OIDC.htm
- please feel free to PR or request more help on the Temporal Web repo
-
You will need to provide a redirect URL to your Oauth Provider. If you are hosting Temporal Web at
http://localhost:8088(this is configured bycallback_base_uriinserver/config.yml), then it ishttp://localhost:8088/auth/sso_callback.- By default, Temporal Web asks for 3 scopes, make sure your provider recognizes these or you may see scope-related errors:
openidrequired by some OIDC providers like auth0profilefor nameemailfor email
- By default, Temporal Web asks for 3 scopes, make sure your provider recognizes these or you may see scope-related errors:
temporal-web uses all the standard npm scripts to install dependencies, run the server, and run tests. Additionally to run locally with webpack hot reloading and other conveniences, use
make
npm run dev
For development and contributing to temporal-web, please see the contributing guide.
You may also use docker by pulling temporalio/web. It is also included in the Temporal server's local docker setup.
If you need to extend temporal-web to add middleware to the server, you can install temporal-web as a dependecy, and it will export the Koa web server that has not yet been started or configured. It includes an additional init function that will then compose the built-in middleware. This gives you an option to add middleware before or after you call init so it will add the middleware at the beginning or the end of the chain, respectively.
All options are optional.
useWebpack: If true, starts webpack and adds the middleware, otherwise if false, it assumes the UI bundle was already built and serves it statically. Defaults to process.env.NODE_ENV === 'production'.
logErrors: If true, thrown errors are logged to console.error. Defaults to true.
For example, here is how you would add a request count metric using uber-statsd-client:
var app = require('temporal-web');
var createStatsd = require('uber-statsd-client');
var sdc = createStatsd({
host: 'statsd.example.com',
});
app
.use(async function(ctx, next) {
sdc.increment('http.request');
await next();
})
.init()
.listen(7000);The webpack configuration is also exported as webpackConfig, and can be modified before calling init().
MIT License, please see LICENSE for details.