Graphql-yoga: HTTPS

Created on 13 Mar 2018  ·  8Comments  ·  Source: dotansimha/graphql-yoga

Are there any plans to implement an HTTPS setup? As it currently stands, it is (as far as I can tell) no way to initialize GraphQLServer with HTTPS, or the https module for that matter.

statupr-welcome

Most helpful comment

This could be passed as a property to the start method to have the option to create a secure server instance. 💫

i.e.

server.start({
  ...opts,
  https: {
    key: fs.readFileSync(keyPath),
    cert: fs.readFileSync(certPath)
  }
});

e.g. https://github.com/douglaseggleton/graphql-yoga/commit/c9252cf341e524297522768fa0d6cbef2d809e4e

All 8 comments

IMHO, not required: can be easily done with a proxy. I will also argue a DMZ is required in a proper architecture.

IT is all above divide and conquer...

@Gipphe even if HTTPS becomes a part of GraphQL yoga, you'll still need it for other parts of your app (such as web frontend). The easiest way to enable HTTPS for all your workload is to run a reverse-proxy such as traefik in front all of them.

I had to run HTTPS everywhere which meant I ended up not using yoga due to this. It would have been a great help at the time. However, the service is running in a docker swarm - perhaps a proxy was the right answer. 🐢

@douglaseggleton a proxy is the answer indeed. Without it, your apps have has to sit in their own domain because HTTPS certs are managed independently. With a ‘switchboard container’ that sits in front of all your Node.js apps (e.g. traefik) you can have https://example.com resolved to your frontend while https://example.com/graphql pointing to your GraphQL backend. Both microservices will be the same valid HTTPS cert and it will be even auto-renewed by the reverse-proxy once needed.

While I completely agree that using a proxy is the preferred solution (especially given today's cloud offering like AWS API Gateway, now etc), I still think that this shouldn't be a entry barrier/blocker for people like @douglaseggleton or @Gipphe.

Let's try to see whether we can also support HTTPS without making graphql-yoga more complicated to use/understand. Does someone have some API suggestions?

This could be passed as a property to the start method to have the option to create a secure server instance. 💫

i.e.

server.start({
  ...opts,
  https: {
    key: fs.readFileSync(keyPath),
    cert: fs.readFileSync(certPath)
  }
});

e.g. https://github.com/douglaseggleton/graphql-yoga/commit/c9252cf341e524297522768fa0d6cbef2d809e4e

While a reverse-proxy would certainly be _a_ solution, we have a desire to keep everything on HTTPS internally as well, preferably without having to use a reverse-proxy internally for each service. We are gradually replacing and "prettying up" old APIs with GraphQL implementations at our place, so I thank you for taking this into consideration, even though it fits only a very small subset of use-cases in today's IT world.

@Gipphe fully agree! 👍

@douglaseggleton this looks great! Can you submit a PR for this? :shipit:

Was this page helpful?
0 / 5 - 0 ratings