Self-hosted Temporal Nexus
This page explains how to self-host Nexus. To learn about Nexus, see the how Nexus works page. To evaluate whether Nexus fits your use case, see the evaluation guide.
Enable Nexus
Nexus can be configured by setting static configuration and dynamic configuration entries.
Replace $PUBLIC_URL with a URL value that's accessible to external callers or internally within the cluster.
Currently, external Nexus calls are considered experimental so it should be safe to use the address of an internal load balancer for the Frontend Service.
To enable Nexus in your deployment:
-
Enable the HTTP API in the server's static configuration.
services:frontend:rpc:# NOTE: keep other fields as they werehttpPort: 7243clusterMetadata:# NOTE: keep other fields as they wereclusterInformation:active:# NOTE: keep other fields as they werehttpAddress: $PUBLIC_URL:7243 -
Set the required dynamic configuration
-
Prior to version 1.30.X, you must set the public callback URL and the allowed callback addresses.
NOTE: the callback endpoint template and allowed addresses should be set when using the experimental "external" endpoint targets.
component.nexusoperations.callback.endpoint.template:# The URL must be publicly accessible if the callback is meant to be called by external services.# When using Nexus for cross namespace calls, the URL's host is irrelevant as the address is resolved using# membership. The URL is a Go template that interpolates the `NamepaceName` and `NamespaceID` variables.- value: https://$PUBLIC_URL:7243/namespaces/{{.NamespaceName}}/nexus/callbackcomponent.callbacks.allowedAddresses:# Limits which callback URLs are accepted by the server.# Wildcard patterns (*) and insecure (HTTP) callbacks are intended for development only.# For production, restrict allowed hosts and set AllowInsecure to false# whenever HTTPS/TLS is supported. Allowing HTTP increases MITM and data exposure risk.- value:- Pattern: "*" # Update to restrict allowed callers, e.g. "*.example.com"AllowInsecure: true # In production, set to false and ensure traffic is HTTPS/TLS encrypted -
Version 1.30.X+: Nexus is enabled by default. Only the system callback URL is needed.
component.nexusoperations.useSystemCallbackURL:- value: true
-
Build and use Nexus Services
See how Nexus works for an architectural overview, then follow an SDK guide to build your first Nexus Service.
- Go | Java | Python | TypeScript | .NET
Global Namespaces (multi-region failover)
Nexus works across a Global (multi-region) Namespace. An asynchronous Nexus Operation started in one Cluster completes even if the Namespace fails over, or its Cluster is lost, before the Operation finishes.
This applies to Worker-target Endpoints, where the Endpoint
routes to a target Namespace and Task Queue that a Worker polls. Endpoints can also
target an external URL (--target-url), which is experimental and not covered here.
Configuration
-
Set up Multi-Cluster Replication. See Multi-Cluster Replication for connecting Clusters and creating replicated Namespaces.
-
Register Endpoints on every Cluster. The Nexus Endpoint registry isn't replicated across Clusters. Create the same Endpoints (same target Namespace and Task Queue) on each Cluster.
-
Advertise a frontend HTTP address on every Cluster. Extend the
httpPortandclusterInformation.<cluster>.httpAddressfrom Enable Nexus to every Cluster, each with its own address, so callback routing can resolve it at delivery time.operator cluster upsertdoesn't sethttpAddress, so set it explicitly; otherwise cross-Cluster callbacks fail withHTTPAddress not configured for cluster: <name>. -
Enable automatic forwarding so a request that lands on a standby Cluster forwards to the active one. This has two parts.
Set the server's
dcRedirectionPolicyin static config. It defaults to no redirection, so you must set it toall-apis-forwarding(orselected-apis-forwarding):dcRedirectionPolicy:policy: "all-apis-forwarding"Turn on auto-forwarding per Namespace in dynamic config:
system.enableNamespaceNotActiveAutoForwarding:- value: true
What to expect on failover
- Callbacks are delivered internally to the caller Namespace's active Cluster, re-resolved on each attempt. No callback URL, DNS, or proxy to manage.
- Forwarding runs on the surviving Cluster, never the failed one, so planned failover and permanent Cluster loss both work.
- Caller and handler can be active on different Clusters (active is per
Namespace). The completion forwards across Clusters automatically, as long as each
Cluster advertises its
httpAddress. - On permanent Cluster loss, fail over every Namespace off it. A completion still pointing at the lost Cluster retries until you do; state not replicated before the loss is lost with it.