Graphql-yoga: Can't able use secure cookies behind a reverse proxy

Created on 21 Oct 2018  路  1Comment  路  Source: dotansimha/graphql-yoga

I am using nginx as a reverse proxy with https (let's encrypt) with the following config:-

location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
    proxy_set_header Host $http_host;   
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Fowarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Fowarded-Proto $scheme;
        proxy_pass http://localhost:8080;
}

Now if I set session.cookie.secure to true I am not able to get the Cookies on the nodejs app, even though I have set

server.express.set('trust proxy', true);

and session.proxy is also set to true

and all headers are passing correctly from nginx:
image 1

Also when I log req.protocol it is set to be http instead of https and the req.ip is 127.0.0.1 even though trust proxy is enabled! (you can see the second last log in the image above)

This is not ideal and will give trouble in future too when I will try to use yoga with reverse proxy

I guess to reproduce do:

  1. Setup nginx reverse proxy with ssl
  2. set trust proxy to true in express
  3. log the req.protocol and req.ip

If req.protocol somehow become https this will get automatically get solved

Most helpful comment

I finally resolved this issue modifying my nginx config like so, I took this from ghost js config

location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:8080;
        }

>All comments

I finally resolved this issue modifying my nginx config like so, I took this from ghost js config

location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:8080;
        }
Was this page helpful?
0 / 5 - 0 ratings

Related issues

SebastianEdwards picture SebastianEdwards  路  4Comments

AhmadEl-Banna picture AhmadEl-Banna  路  5Comments

frederikhors picture frederikhors  路  4Comments

checkmatez picture checkmatez  路  5Comments

ahmedosama5200 picture ahmedosama5200  路  4Comments