Support HTTPS servers #679
Comments
|
From what I can see in here the express server that is created is http only. function setupExpress(express: Express, settings: SettingsInput): BaseServer {
const http = HTTP.createServer()
const settingsMerged = { ...defaultExtraSettingsInput, ...settings }
http.on('request', express)What about adding a possible setting in settings.change({
server: {
playground: true,
host: "https://localhost",
https: true,
httpsCert: {key: '/path/to/key.pem', cert: '/path/to/cert.crt' }
startMessage: info => {
settings.original.server.startMessage(info)
log.warn('piggy back message!')
},
},
})And then have something like the following (pseudo code): function setupExpress(express: Express, settings: SettingsInput): BaseServer {
let serv = HTTP.createServer()
if (setting?.server?.https) {
serv = HTTPS.createServer(settings.server.httpsCert);
}
const settingsMerged = { ...defaultExtraSettingsInput, ...settings }
serv.on('request', express)I think this should be an important implementation or have default support as deploying apps without https (ssl / tls) is a big security issue. |
jasonkuhrt
added
needs/discussion
jasonkuhrt
changed the title
|
We don't have cors bundled right now. See #380. I've renamed your issue to what the rest seems to be about. |
|
@jasonkuhrt Do you guys accept PR? If I have time over this weekend I might try to make a PR for this as supporting HTTPS is basis to secured client to server data protection. |
I think most people will have their cloud provider or deployment platform deal with HTTPS termination. It is often an ops concern, involves security policies at a company, low level, not a core responsibility of the app developer. Anyways, Nexus should not be blocking this one way or another. I'm just saying that I don't think its a mainstream use-case.
I think @Weakky and I need to decide on the API design first. |
|
@jasonkuhrt I'm not sure what you meant by https but since Nexus Server is the server its need to be configured to use https if you want any interaction between client and server. For example a React client connected to the nexus server can't use https as of now. |
|
Deploy Nexus to e.g. heroku, your client can get HTTPS without Nexus needing to launch an HTTPS server. |
|
We can't use Heroku as we are working directly with a ec2 environment on amazon. |
Yeah, but you could still put reverse proxies in front e.g. API Gateway. Not saying you can specifically in your case, but many users could. My point was never that Nexus doesn't need to not-block HTTPS, just that I don't think its going to be very common. We'll get to this soonish! |
can you guide me how to setup HTTPS server with graphql? |
We haven't migrated to the new version yet as this is not yet implemented we can't move the whole architecture. |
so is there any way to setup HTTPS on graphQL? |
Please use google. There are already many resources explaining that. you can also use stackoverflow. This is for reporting bugs or asking features. |
Uh oh!
There was an error while loading. Please reload this page.
Before I was using Nexus Schema and had the following configuration:
I Have tried modifying the express settings to integrate the options but this had no success:
I have also tried removing
host: "https://localhost",with no success.The text was updated successfully, but these errors were encountered: