Skip to content

Add TLS support for control API (health server) #94

New issue
New issue
Open
Open
Add TLS support for control API (health server)#94
Labels
enhancementNew feature or requestpriority:p2-mediumMedium priority
@cbaugus

Description

@cbaugus
cbaugus
opened on Mar 3, 2026

Problem

The health server (POST /config, GET /health) runs over plain HTTP. For SaaS deployments where the control plane communicates over the internet, TLS is required.

Requirements

  • Add optional TLS support to the hyper health server
  • Configured via env vars: TLS_CERT_PATH, TLS_KEY_PATH
  • When cert/key are provided, server binds with TLS
  • When not provided, falls back to plain HTTP (backwards compatible)

Notes

  • In Nomad/K8s internal deployments, TLS termination is often handled by the service mesh (Consul Connect, Istio). This is lower priority than auth.
  • Consider using rustls instead of OpenSSL for easier cross-compilation

Acceptance Criteria

  • Server supports HTTPS when cert/key env vars are set
  • Falls back to HTTP when env vars are unset
  • Works with self-signed certs for testing

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestpriority:p2-mediumMedium priority

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions