Postgraphile: Can I run postgraphql as a https rest api server?

If you're after a REST server as your title suggests, you probably want to look into PostGREST. However if you want to run PostGraphQL under HTTPS there's a really easy way to do it, based on the simple use example in the README:

import { createServer } from 'https'
import postgraphql from 'postgraphql'

const options = {
  key: fs.readFileSync('key.pem'),
  cert: fs.readFileSync('cert.cert')
}

createServer(options, postgraphql()).listen(443)

(Untested code)

Alternatively stick nginx (or similar) in front of it to act as SSL terminator, or any number of other options.

Hope this helps!

Hi Benjie,
we are trying to setup postgraphql using https. which particular file will have the above configuration?
is it postgraphql.js that's in the build\postgraphql folder thats present post install.

Thanks
vmengh

@vmengh -- I assume you are talking command line? Benjie's example was using postgraphile as a library module and NOT using the Docker or CLI version.

If you don't want to make your own little Postgraphile server -- I am not sure the CLI version allows HTTPS easily, but using NGINX as a proxy would do the trick ... (it's a pretty common way to do https stuff) ..

Thanks @sjmcdowall for your prompt response.
I couldn't get your response completely, so will try and explain what we are doing

• we have installed postgraphql through npm
• we run the postgraphql through command line pointing to a DB schema and at a designated port say 5000
• This service gives us 2 endpoints -
  GraphQL endpoint served at http://localhost:5000/graphql
  GraphiQL endpoint served at http://localhost:5000/graphiql

We use to the graphiql endpoint to work through the mutations and graphql endpoint is embedded in the application that triggers the queries/mutations from the UI.
Here, instead of http we would need the endpoint to be served at https
e.g. below
GraphQL endpoint served at https://localhost:5000/graphql
GraphiQL endpoint served at https://localhost:5000/graphiql

What would be required to achieve the desired configuration? Is there any guide or document that can be referenced.

Kindly suggest if this help or further info is required.

Thanks & Regards,
vmengh

You're currently using the CLI interface, documented here:

https://www.graphile.org/postgraphile/usage-cli/

The CLI is a wrapper around the PostGraphile library, documented here:

https://www.graphile.org/postgraphile/usage-library/

The wrapper is defined in the src/postgraphile/cli.ts file:

https://github.com/graphile/postgraphile/blob/4362edf57e5219801a9ff166c1830309d32b0c03/src/postgraphile/cli.ts

To massively simplify it, the CLI effectively does this:

const http = require("http");
const { postgraphile } = require("postgraphile");

http
  .createServer(postgraphile(...))
  .listen(5000);

It's mostly responsible for figuring out the ... part based on your command line options. If you do this task yourself (by specifying the configuration in JS rather than on the CLI) then you unlock a lot more power in PostGraphile - and you can change the server used from http to https as @sjmcdowall has shown.

(Save the above into a file like server.js, fill out the ... with the relevant library arguments, then run node server.js and you should have PostGraphile up and running again.)

Hi Team,
I have performed below steps for postgraphql https configuration and I am getting below error. pleae advise to resolve this issue.
root@ip-10-82-2-118 postgraphqltest]# npm install -g postgraphile
/usr/bin/postgraphile -> /usr/lib/node_modules/postgraphile/build/postgraphile/cli.js

• [email protected]
  updated 1 package in 4.665s
  [root@ip-10-82-2-118 postgraphqltest]# cat https_server.js

const https = require("https");
const { postgraphile } = require("postgraphile");

const options = {
key: fs.readFileSync('/u01/postgraphqltest/coip.key'),
cert: fs.readFileSync('/u01/postgraphqltest/coip.crt')
}

https
.createServer(options,
postgraphile("postgres://odm:[email protected]:5444/dev2pg")
)
.listen(5002);

[root@ip-10-82-2-118 postgraphqltest]# node https_server.js
module.js:471
throw err;
^

Error: Cannot find module 'postgraphile'
at Function.Module._resolveFilename (module.js:469:15)
at Function.Module._load (module.js:417:25)
at Module.require (module.js:497:17)
at require (internal/module.js:20:19)
at Object. (/u01/postgraphqltest/https_server.js:3:26)
at Module._compile (module.js:570:32)
at Object.Module._extensions..js (module.js:579:10)
at Module.load (module.js:487:32)
at tryModuleLoad (module.js:446:12)
at Function.Module._load (module.js:438:3)
[root@ip-10-82-2-118 postgraphqltest]# ^C
[root@ip-10-82-2-118 postgraphqltest]#

Remove the -g: “npm install postgraphile”. The “global” install is for running the CLI.

we are getting below error. pleae advise it.
[root@ip-10-82-2-118 postgraphqltest]# npm install postgraphile
npm WARN [email protected] No description
npm WARN [email protected] No repository field.

• [email protected]
  added 38 packages, removed 1 package and updated 1 package in 7.184s
  [root@ip-10-82-2-118 postgraphqltest]# node https_server.js
  /u01/postgraphqltest/node_modules/postgraphile/build/postgraphile/postgraphile.js:40
  async function createGqlSchema() {
  ^^^^^^^^

SyntaxError: Unexpected token function
at createScript (vm.js:56:10)
at Object.runInThisContext (vm.js:97:10)
at Module._compile (module.js:542:28)
at Object.Module._extensions..js (module.js:579:10)
at Module.load (module.js:487:32)
at tryModuleLoad (module.js:446:12)
at Function.Module._load (module.js:438:3)
at Module.require (module.js:497:17)
at require (internal/module.js:20:19)
at Object. (/u01/postgraphqltest/node_modules/postgraphile/build/postgraphile/index.js:2:24)
[root@ip-10-82-2-118 postgraphqltest]#

What version of node -- you must have node V8.11 or higher .. ??

On Jul 31, 2018, at 3:38 AM, raja1206 notifications@github.com wrote:

we are getting below error. pleae advise it.
[root@ip-10-82-2-118 postgraphqltest]# npm install postgraphile
npm WARN [email protected] No description
npm WARN [email protected] No repository field.

[email protected]
added 38 packages, removed 1 package and updated 1 package in 7.184s
[root@ip-10-82-2-118 postgraphqltest]# node https_server.js
/u01/postgraphqltest/node_modules/postgraphile/build/postgraphile/postgraphile.js:40
async function createGqlSchema() {
^^^^^^^^
SyntaxError: Unexpected token function
at createScript (vm.js:56:10)
at Object.runInThisContext (vm.js:97:10)
at Module._compile (module.js:542:28)
at Object.Module._extensions..js (module.js:579:10)
at Module.load (module.js:487:32)
at tryModuleLoad (module.js:446:12)
at Function.Module._load (module.js:438:3)
at Module.require (module.js:497:17)
at require (internal/module.js:20:19)
at Object. (/u01/postgraphqltest/node_modules/postgraphile/build/postgraphile/index.js:2:24)
[root@ip-10-82-2-118 postgraphqltest]#

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub https://github.com/graphile/postgraphile/issues/450#issuecomment-409125919, or mute the thread https://github.com/notifications/unsubscribe-auth/AB8M7R03dYtxGmwMSGEWhRY8RP22SZpuks5uMAlygaJpZM4NGQBo.

i am getting below error. please advise it.
[devinfamdm@ip-10-82-2-118 postgraphqltest]$ node https_server.js
/u01/postgraphqltest/https_server.js:6
key: fs.readFileSync('/u01/postgraphqltest/coip.key'),
^

ReferenceError: fs is not defined
at Object. (/u01/postgraphqltest/https_server.js:6:6)
at Module._compile (module.js:624:30)
at Object.Module._extensions..js (module.js:635:10)
at Module.load (module.js:545:32)
at tryModuleLoad (module.js:508:12)
at Function.Module._load (module.js:500:3)
at Function.Module.runMain (module.js:665:10)
at startup (bootstrap_node.js:201:16)
at bootstrap_node.js:626:3
[devinfamdm@ip-10-82-2-118 postgraphqltest]$ cat https_server.js

const https = require("https");
const { postgraphile } = require("postgraphile");

const options = {
key: fs.readFileSync('/u01/postgraphqltest/coip.key'),
cert: fs.readFileSync('/u01/postgraphqltest/coip.crt')
}

https
.createServer(options, postgraphile("postgres://odwx:[email protected]:5444/dev2pg")
)
.listen(8002);

[devinfamdm@ip-10-82-2-118 postgraphqltest]

please find current version of node as below and please advise to resolve the below issue.
[devinfamdm@ip-10-82-2-118 postgraphqltest]$ node -v
v8.5.0
[devinfamdm@ip-10-82-2-118 postgraphqltest]$ node https_server.js
/u01/postgraphqltest/https_server.js:6
key: fs.readFileSync('/u01/postgraphqltest/coip.key'),
^

ReferenceError: fs is not defined
at Object. (/u01/postgraphqltest/https_server.js:6:6)
at Module._compile (module.js:624:30)
at Object.Module._extensions..js (module.js:635:10)
at Module.load (module.js:545:32)
at tryModuleLoad (module.js:508:12)
at Function.Module._load (module.js:500:3)
at Function.Module.runMain (module.js:665:10)
at startup (bootstrap_node.js:201:16)
at bootstrap_node.js:626:3
[devinfamdm@ip-10-82-2-118 postgraphqltest]$ cat https_server.js

const https = require("https");
const { postgraphile } = require("postgraphile");

const options = {
key: fs.readFileSync('/u01/postgraphqltest/coip.key'),
cert: fs.readFileSync('/u01/postgraphqltest/coip.crt')
}

https
.createServer(options, postgraphile("postgres://odwx:[email protected]:5444/dev2pg")
)
.listen(8002);

[devinfamdm@ip-10-82-2-118 postgraphqltest]$

You need “const fs = require(‘fs’)” at the top of the file. (Beware smart quotes in this message, switch to straight quotes)

Hi All,
Picking this up for Raja. We added the fs const and we are no longer getting any errors - but the server also isn't coming up. We don't get any log messages - the console just hangs. I thought it might have something to do with the https setup, so we're just trying to get an http server up and running first. I am having the same issue with http - after execution "node http_server.js" - it just sits there with no messages. We thought this might be an issue with postgraphile, so we tried with postgraphql as well. Here is the current script:

const fs = require("fs");
const http = require("http");
const { postgraphql } = require("postgraphql");
const schemaName="odwstg";

http
.createServer(postgraphql("postgres://odwx:[email protected]:5444/dev2pg", schemaName)
)
.listen(5001,()=>console.log('Running on port 5001'));

We added the schemaname parameter thinking that was the issue. Even without schemaname passed - it still hangs. Not entirely sure what schema it is trying to use if a schema isn't specified though.

What are we doing wrong? Is there a log being created somewhere that can give us more info?

It sounds like the server is running fine; you can add your own console logs. If you load http://localhost:5000/graphiql in your browser then assuming you have graphiql:true in your options then it should work. You’re probably best talking to a developer who knows how to develop in Node.js if you want to use the library version (it’s a Node.js library), alternatively please use something else to perform SSL termination such as nginx.

unable to open below https url even thougn node https.js is running port 8022
URL: https://10.82.2.118:8022/graphiql

[devinfamdm@ip-10-82-2-118 postgraphqltest]$ cat https_server.js
const fs = require("fs");
const https = require("https");
const { postgraphql } = require("postgraphql");

const options = {
key: fs.readFileSync('/u01/postgraphqltest/key.pem'),
cert: fs.readFileSync('/u01/postgraphqltest/cert.pem'),
graphiql: true
};

const schemaName = "odwstg";

https
.createServer(postgraphql("postgres://odwx:[email protected]:5444/dev2pg", schemaName, options)
)
.listen(8022,()=>console.log('Running on port 8022'));

[devinfamdm@ip-10-82-2-118 postgraphqltest]$ node https_server.js
Running on port 8022

Seems like a networking or firewall issue since you’re not using localhost.

Port is listenaing in server but unable to open( https://10.82.2.118:8022/graphiql)

[devinfamdm@ip-10-82-2-118 postgraphqltest]$ netstat -nap |grep 8022
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 :::8022 :::* LISTEN 3368/node
[devinfamdm@ip-10-82-2-118 postgraphqltest]$

Yep, inferred that from the code/console. Seems like a networking or firewall issue on your server.

I able to coneect the server by using telnet. please advise to us how will find cause of network or firewall issue in server.

[devinfamdm@ip-10-82-2-118 ~]$ telnet 10.82.2.118 8022
Trying 10.82.2.118...
Connected to 10.82.2.118.
Escape character is '^]'.
Connection closed by foreign host.
[devinfamdm@ip-10-82-2-118 ~]$

telnet doesn't use https (obviously) ...

How exactly are you trying to access the https end-point of graphiql ?? What OS are you running on?

Your test below is also not valid since it appears you are doing the telnet to the same host as the server is running (if your command prompt is any indication) ...

How about if you try to telnet from a DIFFERENT host to that one?

How about trying wget or curl to https://10.82.2.118:8022/graphiql both from the same machine and also from a different machine..

If this is a Linux box -- read up on whatever flavor linux "firewall" you may have and disable it (the commands will be different depending on flavor of Linux).

Also, what environment is this? AWS? Digital Ocean or home grown in a VM ??

Lots of things to debug

On Aug 2, 2018, at 7:24 AM, raja1206 notifications@github.com wrote:

I able to coneect the server by using telnet. please advise to us how will find cause of network or firewall issue in server.

[devinfamdm@ip-10-82-2-118 ~]$ telnet 10.82.2.118 8022
Trying 10.82.2.118...
Connected to 10.82.2.118.
Escape character is '^]'.
Connection closed by foreign host.
[devinfamdm@ip-10-82-2-118 ~]$

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub https://github.com/graphile/postgraphile/issues/450#issuecomment-409894204, or mute the thread https://github.com/notifications/unsubscribe-auth/AB8M7QXYX5-2x0IasbkyrCeal2eNGyQsks5uMuFkgaJpZM4NGQBo.

please find below updates for yours questions.

1)How exactly are you trying to access the https end-point of graphiql ?

https://10.82.2.118:8022/graphiql

2)What OS are you running on?

[devinfamdm@ip-10-82-2-118 ~]$ cat /etc/*-release
LSB_VERSION=base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Red Hat Enterprise Linux Server release 6.10 (Santiago)
Red Hat Enterprise Linux Server release 6.10 (Santiago)
[devinfamdm@ip-10-82-2-118 ~]$

3)How about if you try to telnet from a DIFFERENT host to that one?

[devinfamdm@ip-10-82-2-118 ~]$ hostname -i
10.82.2.118
[devinfamdm@ip-10-82-2-118 ~]$ telnet 10.82.6.112 22
Trying 10.82.6.112...
Connected to 10.82.6.112.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3
^C
Connection closed by foreign host.

other mahcine:

[enterprisedb@alsc_dev_db ~]$ hostname -i
10.82.6.112
[enterprisedb@alsc_dev_db ~]$ wget https://10.82.2.118:8022/graphiql
--2018-08-02 07:56:53-- https://10.82.2.118:8022/graphiql
Connecting to 10.82.2.118:8022... connected.
OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Unable to establish SSL connection.
[enterprisedb@alsc_dev_db ~]$

4)How about trying wget or curl to https://10.82.2.118:8022/graphiql both from the same machine and also from a different machine

devinfamdm@ip-10-82-2-118 ~]$ wget https://10.82.2.118:8022/graphiql
--2018-08-02 07:53:44-- https://10.82.2.118:8022/graphiql
Connecting to 10.82.2.118:8022... connected.
OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Unable to establish SSL connection.
[devinfamdm@ip-10-82-2-118 ~]$

5)Also, what environment is this? AWS? Digital Ocean or home grown in a VM ??

AWS

Well the good news is that we have eliminated any firewall / etc. type issue :)

BTW -- when I said "exactly" I meant exactly, not what URL you were using. If you run https://10.82.2.118:8022/graphiql https://10.82.2.118:8022/graphiql on a Chrome browser that can access that sub-net -- what do you get?

For the wget error -- make sure wget is up to date (yum update to the latest) -- and then if still an error run "wget -v --debug https://xxxxxxx to get more output.. I think wget needs to be at 1.15 or so .. but again, the wget was just to debug ..

But in the end -- graphiql is made to run on a browser anyway ...

ANd of course -- are you sure your certs are all valid that you are using?

On Aug 2, 2018, at 8:02 AM, raja1206 notifications@github.com wrote:

please find below updates for yours questions.

1)How exactly are you trying to access the https end-point of graphiql ?

https://10.82.2.118:8022/graphiql https://10.82.2.118:8022/graphiql
2)What OS are you running on?

[devinfamdm@ip-10-82-2-118 ~]$ cat /etc/*-release
LSB_VERSION=base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Red Hat Enterprise Linux Server release 6.10 (Santiago)
Red Hat Enterprise Linux Server release 6.10 (Santiago)
[devinfamdm@ip-10-82-2-118 ~]$

3)How about if you try to telnet from a DIFFERENT host to that one?

[devinfamdm@ip-10-82-2-118 ~]$ hostname -i
10.82.2.118
[devinfamdm@ip-10-82-2-118 ~]$ telnet 10.82.6.112 22
Trying 10.82.6.112...
Connected to 10.82.6.112.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3
^C
Connection closed by foreign host.

other mahcine:

[enterprisedb@alsc_dev_db ~]$ hostname -i
10.82.6.112
[enterprisedb@alsc_dev_db ~]$ wget https://10.82.2.118:8022/graphiql https://10.82.2.118:8022/graphiql
--2018-08-02 07:56:53-- https://10.82.2.118:8022/graphiql https://10.82.2.118:8022/graphiql
Connecting to 10.82.2.118:8022... connected.
OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Unable to establish SSL connection.
[enterprisedb@alsc_dev_db ~]$

4)How about trying wget or curl to https://10.82.2.118:8022/graphiql https://10.82.2.118:8022/graphiql both from the same machine and also from a different machine

devinfamdm@ip-10-82-2-118 ~]$ wget https://10.82.2.118:8022/graphiql https://10.82.2.118:8022/graphiql
--2018-08-02 07:53:44-- https://10.82.2.118:8022/graphiql https://10.82.2.118:8022/graphiql
Connecting to 10.82.2.118:8022... connected.
OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Unable to establish SSL connection.
[devinfamdm@ip-10-82-2-118 ~]$

5)Also, what environment is this? AWS? Digital Ocean or home grown in a VM ??

AWS

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub https://github.com/graphile/postgraphile/issues/450#issuecomment-409902698, or mute the thread https://github.com/notifications/unsubscribe-auth/AB8M7SeImFvMBD3X_uc1dYPrc7x4oYPcks5uMupxgaJpZM4NGQBo.

please find below udpates
1)BTW -- when I said "exactly" I meant exactly, not what URL you were using. If you run https://10.82.2.118:8022/graphiql https://10.82.2.118:8022/graphiql on a Chrome browser that can access that sub-net -- what do you get?

Below errors based on browser while accing this URL(https://10.82.2.118:8022/graphiql)

IE browser error:

This page can’t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://10.82.2.118:8022 again. If this error persists,
it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure.
Please contact your site administrator.

chrome browser error:

This site can’t provide a secure connection
10.82.2.118 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.

2)or the wget error -- make sure wget is up to date (yum update to the latest) -- and then if still an error run "wget -v --debug https://xxxxxxx to get more output.. I think wget needs to be at 1.15 or so .. but again, the wget was just to debug ..

[devinfamdm@ip-10-82-2-118 ~]$ wget -v --debug https://10.82.2.118:8022/graphiql
DEBUG output created by Wget 1.12 on linux-gnu.

--2018-08-02 08:53:41-- https://10.82.2.118:8022/graphiql
Connecting to 10.82.2.118:8022... connected.
Created socket 3.
Releasing 0x000000000188f760 (new refcount 0).
Deleting unused 0x000000000188f760.
Initiating SSL handshake.
SSL handshake failed.
OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Closed fd 3
Unable to establish SSL connection.
[devinfamdm@ip-10-82-2-118 ~]$

Can you update wget to 1.14_2 or 1.15 -- as I indicated that is the newest minimum version of wget for the new SSL stuff to work ...

And what version of IE? Can you try the latest Chrome browser?

On Aug 2, 2018, at 8:56 AM, raja1206 notifications@github.com wrote:

please find below udpates
1)BTW -- when I said "exactly" I meant exactly, not what URL you were using. If you run https://10.82.2.118:8022/graphiql https://10.82.2.118:8022/graphiql https://10.82.2.118:8022/graphiql https://10.82.2.118:8022/graphiql on a Chrome browser that can access that sub-net -- what do you get?

Below errors based on browser while accing this URL(https://10.82.2.118:8022/graphiql https://10.82.2.118:8022/graphiql)

IE browser error:

This page can’t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://10.82.2.118:8022 https://10.82.2.118:8022/ again. If this error persists,
it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure.
Please contact your site administrator.

chrome browser error:

This site can’t provide a secure connection
10.82.2.118 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.

2)or the wget error -- make sure wget is up to date (yum update to the latest) -- and then if still an error run "wget -v --debug https://xxxxxxx https://xxxxxxx/ to get more output.. I think wget needs to be at 1.15 or so .. but again, the wget was just to debug ..

[devinfamdm@ip-10-82-2-118 ~]$ wget -v --debug https://10.82.2.118:8022/graphiql https://10.82.2.118:8022/graphiql
DEBUG output created by Wget 1.12 on linux-gnu.

--2018-08-02 08:53:41-- https://10.82.2.118:8022/graphiql https://10.82.2.118:8022/graphiql
Connecting to 10.82.2.118:8022... connected.
Created socket 3.
Releasing 0x000000000188f760 (new refcount 0).
Deleting unused 0x000000000188f760.
Initiating SSL handshake.
SSL handshake failed.
OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Closed fd 3
Unable to establish SSL connection.
[devinfamdm@ip-10-82-2-118 ~]$

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub https://github.com/graphile/postgraphile/issues/450#issuecomment-409916433, or mute the thread https://github.com/notifications/unsubscribe-auth/AB8M7aArZeAZvtYS_imIc60h6BeCk6aeks5uMvb8gaJpZM4NGQBo.

Hi All,

Thanks for the help so far. We will try updating to the latest version of wget but it seems to me like we have an issue witth they key/certs. We generated the self signed key and cert using the openssl:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

Any idea if openssl is generating the correct type of key and cert files which can be used with our postgraphql server?

You may want to verify the version of openssl you are running and also make sure it's to the very latest .. If your wget is any indication your openssl maybe way out of date as well ... Especially with self-signed certs etc.

Out of curisoity -- why aren't you running RHEL 7 .. 6 is pretty (very) old and lots of old stuff in it etc. Old kernel, etc. Things like docker, etc. won't run very well on it..

On Aug 2, 2018, at 10:14 AM, tommyhonahan notifications@github.com wrote:

Hi All,

Thanks for the help so far. We will try updating to the latest version of wget but it seems to me like we have an issue witth they key/certs. We generated the self signed key and cert using the openssl:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

Any idea if openssl is generating the correct type of key and cert files which can be used with our postgraphql server?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub https://github.com/graphile/postgraphile/issues/450#issuecomment-409941048, or mute the thread https://github.com/notifications/unsubscribe-auth/AB8M7UVg-71FrL635o-dMYnRWenjNzHBks5uMwkygaJpZM4NGQBo.

Yep you're right... openssl appears to be very old. We will update to the latest and give it a try. We have many different applications/databases installed on our AWS machines that are running on RHEL6. They were stood up ~2 years ago. We were told upgrading to RHEL7 will require a reinstall/reconfig of everything so we've been putting it off..

Well adding graphql services appears to be a NEW application .. so perhaps standing up a micro/small Centos/RHEL 7 instance to test/try etc. (and heck, maybe even run) could be a good investment?

Maybe a good toe in the water to an eventual upgrade of the whole stack .. but certainly new functionality should look at being run on it..

On Aug 2, 2018, at 10:57 AM, tommyhonahan notifications@github.com wrote:

Yep you're right... openssl appears to be very old. We will update to the latest and give it a try. We have many different applications/databases installed on our AWS machines that are running on RHEL6. They were stood up ~2 years ago. We were told upgrading to RHEL7 will require a reinstall/reconfig of everything so we've been putting it off..

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub https://github.com/graphile/postgraphile/issues/450#issuecomment-409955834, or mute the thread https://github.com/notifications/unsubscribe-auth/AB8M7Q8uZ_0HG5gUrsFE1UcU9tqloGxwks5uMxNygaJpZM4NGQBo.

we have update openssl to latest verion and we generated new keys by using below statment but still unable to browse the https URL(https://10.82.2.118:8022/graphiql)

openssl req -newkey rsa:2048 -nodes -keyout sym.key -x509 -days 365 -out sym.crt

[devinfamdm@ip-10-82-2-118 postgraphqltest]$ nohup node https_server.js &
[1] 12548
[devinfamdm@ip-10-82-2-118 postgraphqltest]$ nohup: ignoring input and appending output to `nohup.out'

[devinfamdm@ip-10-82-2-118 postgraphqltest]$ cat nohup.out
Running on port 8022
[devinfamdm@ip-10-82-2-118 postgraphqltest]$ openssl version
OpenSSL 1.1.1-pre8 (beta) 20 Jun 2018
[devinfamdm@ip-10-82-2-118 postgraphqltest]$
Error message in chrome Browse while acces https URL:

This site can’t provide a secure connection
10.82.2.118 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.

Did you update wget to 1.14_ + and run with a -v --debug to the same URL to get more information?

On Aug 3, 2018, at 7:09 AM, raja1206 notifications@github.com wrote:

we have update openssl to latest verion and we generated new keys by using below statment but still unable to browse the https URL(https://10.82.2.118:8022/graphiql https://10.82.2.118:8022/graphiql)

openssl req -newkey rsa:2048 -nodes -keyout sym.key -x509 -days 365 -out sym.crt

[devinfamdm@ip-10-82-2-118 postgraphqltest]$ nohup node https_server.js &
[1] 12548
[devinfamdm@ip-10-82-2-118 postgraphqltest]$ nohup: ignoring input and appending output to `nohup.out'

[devinfamdm@ip-10-82-2-118 postgraphqltest]$ cat nohup.out
Running on port 8022
[devinfamdm@ip-10-82-2-118 postgraphqltest]$ openssl version
OpenSSL 1.1.1-pre8 (beta) 20 Jun 2018
[devinfamdm@ip-10-82-2-118 postgraphqltest]$
Error message in chrome Browse while acces https URL:

This site can’t provide a secure connection
10.82.2.118 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub https://github.com/graphile/postgraphile/issues/450#issuecomment-410221754, or mute the thread https://github.com/notifications/unsubscribe-auth/AB8M7ReXxYHXdqwVsEuKTRQmlFMTBCMZks5uNC9ugaJpZM4NGQBo.

We found the problem - we weren't passing the https/postgraphql options properly - had them mixed together. We can now access GraphiQL in https - but we are getting a CORS error from our React app. When we were using the CLI, we passed --cors to enable it. I saw a separate post that enableCors is the equivalent to --cors .. but it's still not working. Not sure if I'm using it properly (setting enableCors: true in the pgoptions). Is that the right way to use it? Or should I be doing something differently?

const fs = require("fs");
const https = require("https");
const { postgraphql } = require("postgraphql");

const options = {
key: fs.readFileSync('/u01/postgraphqltest/sym.key','utf8'),
cert: fs.readFileSync('/u01/postgraphqltest/sym.crt','utf8'),
graphiql: true,
enableCors: true
};

const pgoptions = {
graphiql: true,
enableCors: true
};

const schemaName = "odwstg";

https
.createServer(options, postgraphql("postgres://odwx:[email protected]:5444/dev2pg", schemaName, pgoptions)
)
.listen(8022,()=>console.log('Running on port 8022'));

Your "options" appears suspicious -- in that you have graphiql and enableCors there AND in pgoptions .

The one in pgoptions (both graphiql and enableCors) appears to be the correct method ..

Can you use Postman (or similar) and dump out the return headers and see if Access-Control-Allow-Origin is present (that's the CORS thing)

On Aug 3, 2018, at 12:29 PM, tommyhonahan notifications@github.com wrote:

We found the problem - we weren't passing the https/postgraphql options properly - had them mixed together. We can now access GraphiQL in https - but we are getting a CORS error from our React app. When we were using the CLI, we passed --cors to enable it. I saw a separate post that enableCors is the equivalent to --cors .. but it's still not working. Not sure if I'm using it properly (setting enableCors: true in the pgoptions). Is that the right way to use it? Or should I be doing something differently?

const fs = require("fs");
const https = require("https");
const { postgraphql } = require("postgraphql");

const options = {
key: fs.readFileSync('/u01/postgraphqltest/sym.key','utf8'),
cert: fs.readFileSync('/u01/postgraphqltest/sym.crt','utf8'),
graphiql: true,
enableCors: true
};

const pgoptions = {
graphiql: true,
enableCors: true
};

const schemaName = "odwstg";

https
.createServer(options, postgraphql("postgres://odwx:[email protected]:5444/dev2pg", schemaName, pgoptions)
)
.listen(8022,()=>console.log('Running on port 8022'));

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub https://github.com/graphile/postgraphile/issues/450#issuecomment-410306859, or mute the thread https://github.com/notifications/unsubscribe-auth/AB8M7QnuUIoaftcEvDa7PZfE9eQcKbJRks5uNHqDgaJpZM4NGQBo.

i am getting below error message. please advise it to resolve this issue.

[devinfamdm@ip-10-82-2-118 postgraphqltest]$ node https_server.js
/u01/postgraphqltest/https_server.js:19
https.use(cors());
^

TypeError: https.use is not a function
at Object. (/u01/postgraphqltest/https_server.js:19:7)
at Module._compile (module.js:624:30)
at Object.Module._extensions..js (module.js:635:10)
at Module.load (module.js:545:32)
at tryModuleLoad (module.js:508:12)
at Function.Module._load (module.js:500:3)
at Function.Module.runMain (module.js:665:10)
at startup (bootstrap_node.js:201:16)
at bootstrap_node.js:626:3
[devinfamdm@ip-10-82-2-118 postgraphqltest]$

Code:
[devinfamdm@ip-10-82-2-118 postgraphqltest]$ cat https_server.js

const cors = require('cors');
const fs = require("fs");
const https = require("https");
const { postgraphql } = require("postgraphql");

const options = {
key: fs.readFileSync('/u01/postgraphqltest/sym.key','utf8'),
cert: fs.readFileSync('/u01/postgraphqltest/sym.crt','utf8')
};

const pgoptions = {
graphiql: true,
enableCors: true
};

const schemaName = "odwstg";

https.use(cors());

https
.createServer(options, postgraphql("postgres://odwx:[email protected]:5444/dev2pg", schemaName, pgoptions)
)
.listen(8022,()=>console.log('Running on port 8022'));

[devinfamdm@ip-10-82-2-118 postgraphqltest]$

Using simple http is no longer sufficient ..

You need an express server to use the .use and stuff ..

It’s not that much code to add . Plenty of google examples for a basic simple Express application ..

Also you want cors() BEFORE almost any other .use() when you do express.. order is important ..

Sent from my iPad

On Aug 7, 2018, at 6:28 AM, raja1206 notifications@github.com wrote:

i am getting below error message. please advise it to resolve this issue.

[devinfamdm@ip-10-82-2-118 postgraphqltest]$ node https_server.js
/u01/postgraphqltest/https_server.js:19
https.use(cors());
^

TypeError: https.use is not a function
at Object. (/u01/postgraphqltest/https_server.js:19:7)
at Module._compile (module.js:624:30)
at Object.Module._extensions..js (module.js:635:10)
at Module.load (module.js:545:32)
at tryModuleLoad (module.js:508:12)
at Function.Module._load (module.js:500:3)
at Function.Module.runMain (module.js:665:10)
at startup (bootstrap_node.js:201:16)
at bootstrap_node.js:626:3
[devinfamdm@ip-10-82-2-118 postgraphqltest]$

Code:
[devinfamdm@ip-10-82-2-118 postgraphqltest]$ cat https_server.js

const cors = require('cors');
const fs = require("fs");
const https = require("https");
const { postgraphql } = require("postgraphql");

const options = {
key: fs.readFileSync('/u01/postgraphqltest/sym.key','utf8'),
cert: fs.readFileSync('/u01/postgraphqltest/sym.crt','utf8')
};

const pgoptions = {
graphiql: true,
enableCors: true
};

const schemaName = "odwstg";

https.use(cors());

https
.createServer(options, postgraphql("postgres://odwx:[email protected]:5444/dev2pg", schemaName, pgoptions)
)
.listen(8022,()=>console.log('Running on port 8022'));

[devinfamdm@ip-10-82-2-118 postgraphqltest]$

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.

We changed our server.js to use express instead of https. We have enabled cors in express, as well as in https.createserver. We also have enableCors set to true in our postgraphile options. When we try to hit the end point through apollo we still get the CORS error. If we don't use https and just run the app through express alone, we don't get the CORS error. Only when using https does it no longer work. Has anyone been able to get this working in the past?

Letting you know that I published starter project for backend development. It uses postgraphile as a library, based on Apollo Server 2.0 and leverages automated code generation and database schema migrations. Check it out here https://github.com/avkonst/graphql-postgraphile-typeorm-starter