Skip to main content

Self-hosted Temporal Nexus

SUPPORT, STABILITY, and DEPENDENCY INFO

Temporal Nexus is now Generally Available. Learn why you should use Nexus in the evaluation guide.

Temporal Nexus connects Temporal Applications across Namespaces with built-in durability, security, and fault isolation.

Nexus Overview

Nexus Overview

Enable Nexus

Enable Nexus by updating your static configuration and dynamic config. Nexus is supported in single-cluster setups only. See Nexus Architecture for operational details.

note

Replace $PUBLIC_URL with a URL value that's accessible to external callers or internally within the cluster. Currently, external Nexus calls are considered experimental so it should be safe to use the address of an internal load balancer for the Frontend Service.

To enable Nexus in your deployment:

  1. Enable the HTTP API in the server's static configuration.

    services:
      frontend:
        rpc:
          # NOTE: keep other fields as they were
          httpPort: 7243

    clusterMetadata:
      # NOTE: keep other fields as they were
      clusterInformation:
        active:
          # NOTE: keep other fields as they were
          httpAddress: $PUBLIC_URL:7243

  2. Set the required dynamic configuration.

    1. Prior to version 1.30.X: Enable Nexus, set the callback URL, and configure allowed callback addresses.

      NOTE: the callback endpoint template and allowed addresses should be set when using the experimental "external" endpoint targets.

      system.enableNexus:
        - value: true
      component.nexusoperations.callback.endpoint.template:
        # The URL must be publicly accessible if the callback is meant to be called by external services.
        # When using Nexus for cross namespace calls, the URL's host is irrelevant as the address is resolved using
        # membership. The URL is a Go template that interpolates the `NamepaceName` and `NamespaceID` variables.
        - value: https://$PUBLIC_URL:7243/namespaces/{{.NamespaceName}}/nexus/callback
      component.callbacks.allowedAddresses:
        # Limits which callback URLs are accepted by the server.
        # Wildcard patterns (*) and insecure (HTTP) callbacks are intended for development only.
        # For production, restrict allowed hosts and set AllowInsecure to false
        # whenever HTTPS/TLS is supported. Allowing HTTP increases MITM and data exposure risk.
        - value:
            - Pattern: "*" # Update to restrict allowed callers, e.g. "*.example.com"
              AllowInsecure: true # In production, set to false and ensure traffic is HTTPS/TLS encrypted

    2. Version 1.30.X+: Nexus is enabled by default. Only the system callback URL is needed.

      component.nexusoperations.useSystemCallbackURL:
        - value: true

Build and use Nexus Services

See how Nexus works for an architectural overview, then follow an SDK guide to build your first Nexus Service.

SDK GUIDES