
Support HTTPS servers #679

crimson-med opened this issue Apr 17, 2020 · 12 comments
Labels
needs/discussion Open-ended conversation about something (ideation, design, analysis, ...) scope/server Related to the server component type/feat Add a new capability or enhance an existing one

@crimson-med

crimson-med commented Apr 17, 2020

Before I was using Nexus Schema and had the following configuration:

```ts
import * as fs from 'fs'
import { GraphQLServer } from 'graphql-yoga'
// `schema` and `createContext` come from the application's own modules.

// CORS allow-list plus the TLS key/cert handed to the server.
let options: any = {
    cors: {
        credentials: true,
        origin: ["https://localhost:3000", "https://127.0.0.1:3000", "http://127.0.0.1:4000", "http://localhost:4000"],
        methods: ['GET', 'PUT', 'POST', 'OPTIONS']
    },
    https: {
        key: fs.readFileSync("./../local.cert/localhost+1-key.pem"),
        cert: fs.readFileSync("./../local.cert/localhost+1.pem")
    }
}

new GraphQLServer({ schema, context: createContext }).start(options, () =>
    console.log(
        `🚀 Server ready at: https://localhost:4000\n⭐️ See sample queries: http://pris.ly/e/ts/graphql#5-using-the-graphql-api`,
    ),
)
```

I have tried modifying the express settings to integrate the options but this had no success:

```ts
let options: any = {
    cors: {
        credentials: true,
        origin: ["https://localhost:3000", "https://127.0.0.1:3000", "http://127.0.0.1:4000", "http://localhost:4000"],
        methods: ['GET', 'PUT', 'POST', 'OPTIONS']
    },
    https: {
        key: fs.readFileSync("./../local.cert/localhost+1-key.pem"),
        cert: fs.readFileSync("./../local.cert/localhost+1.pem")
    }
}
// Attempt to pass the same options through the underlying express instance.
server.express.settings(options);
settings.change({
    logger: {
        level: 'trace',
    },
    server: {
        playground: true,
        host: "https://localhost",
        startMessage: info => {
            settings.original.server.startMessage(info)
            log.warn('piggy back message!')
        },
    },
})
```

I have also tried removing host: "https://localhost", with no success.

@crimson-med crimson-med added the type/bug Something is not working the way it should label Apr 17, 2020
@crimson-med
Author

crimson-med commented Apr 20, 2020

From what I can see in here the express server that is created is http only.
in `nexus/src/runtime/server.ts`:

```ts
function setupExpress(express: Express, settings: SettingsInput): BaseServer {
  const http = HTTP.createServer()
  const settingsMerged = { ...defaultExtraSettingsInput, ...settings }
  http.on('request', express)
  // (excerpt; the rest of the function is not shown in the comment)
}
```

What about adding a possible setting in server for instance:

```ts
settings.change({
    server: {
        playground: true,
        host: "https://localhost",
        // Proposed settings: enable HTTPS and point at the key/cert files.
        https: true,
        httpsCert: { key: '/path/to/key.pem', cert: '/path/to/cert.crt' },
        startMessage: info => {
            settings.original.server.startMessage(info)
            log.warn('piggy back message!')
        },
    },
})
```

And then have something like the following (pseudo code):

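```ts
function setupExpress(express: Express, settings: SettingsInput): BaseServer {
  // Default to plain HTTP; switch to HTTPS when the proposed setting is enabled.
  let serv: HTTP.Server | HTTPS.Server = HTTP.createServer()
  if (settings?.server?.https) {
    // Note: HTTPS.createServer expects PEM contents in key/cert, not file paths.
    serv = HTTPS.createServer(settings.server.httpsCert)
  }
  const settingsMerged = { ...defaultExtraSettingsInput, ...settings }
  serv.on('request', express)
  // (pseudo code; the rest of the function is not shown)
}
```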

I think this should be an important implementation or have default support as deploying apps without https (ssl / tls) is a big security issue.
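
The setting proposed in the comment above, worked through as an added example (not Nexus code and not part of the original thread). The `https` and `httpsCert` names follow the proposal; `resolveTransport` and `createListener` are hypothetical names, and the fail-closed behaviour, the key-file permission check and the TLS 1.2 floor are assumptions added here.

```javascript
// Added example (not Nexus code). Setting names `https` and `httpsCert`
// follow the proposal in the thread; everything else is an assumption.
const fs = require('node:fs');
const http = require('node:http');
const https = require('node:https');

// Decide the transport from settings. Fails closed: if HTTPS was requested
// but the key material is unusable, throw instead of serving plaintext.
function resolveTransport(server = {}) {
  if (!server.https) return { protocol: 'http' };
  const { key, cert } = server.httpsCert || {};
  if (!key || !cert) {
    throw new Error('https is enabled but httpsCert.key/cert are not set');
  }
  // The private key should not be readable by group/other (POSIX only).
  // statSync also throws if the key file does not exist.
  const mode = fs.statSync(key).mode & 0o777;
  if (process.platform !== 'win32' && (mode & 0o077) !== 0) {
    throw new Error(`private key ${key} is too permissive (mode ${mode.toString(8)})`);
  }
  return {
    protocol: 'https',
    options: {
      key: fs.readFileSync(key),   // createServer needs PEM contents, not paths
      cert: fs.readFileSync(cert),
      minVersion: 'TLSv1.2',       // refuse legacy TLS 1.0/1.1 clients
    },
  };
}

// Build the listener and attach the request handler (e.g. the Express app).
function createListener(server, handler) {
  const t = resolveTransport(server);
  return t.protocol === 'https'
    ? https.createServer(t.options, handler)
    : http.createServer(handler);
}
```

With real PEM files, `createListener(settings.server, expressApp).listen(4000)` serves HTTPS; a missing or group/world-readable key aborts startup rather than falling back to HTTP.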

@jasonkuhrt jasonkuhrt added needs/discussion Open-ended conversation about something (ideation, design, analysis, ...) scope/server Related to the server component type/feat Add a new capability or enhance an existing one and removed type/bug Something is not working the way it should labels Apr 22, 2020
@jasonkuhrt jasonkuhrt changed the title from "Can't set https options of express via nexus server api" to "Support HTTPS servers" Apr 22, 2020
@jasonkuhrt
Member

We don't have cors bundled right now. See #380.

I've renamed your issue to what the rest seems to be about.

@crimson-med
Author

@jasonkuhrt Do you guys accept PRs? If I have time over this weekend I might try to make a PR for this as supporting HTTPS is the basis of secure client-to-server data protection.

@jasonkuhrt
Member

jasonkuhrt commented Apr 23, 2020

> as supporting HTTPS is the basis of secure client-to-server data protection.

I think most people will have their cloud provider or deployment platform deal with HTTPS termination. It is often an ops concern, involves security policies at a company, low level, not a core responsibility of the app developer.

Anyways, Nexus should not be blocking this one way or another. I'm just saying that I don't think it's a mainstream use-case.

> Do you guys accept PRs?

I think @Weakky and I need to decide on the API design first.

@crimson-med
Author

@jasonkuhrt I'm not sure what you meant by https, but since Nexus Server is the server it needs to be configured to use https if you want any interaction between client and server. For example, a React client connected to the Nexus server can't use https as of now.

@jasonkuhrt
Member

jasonkuhrt commented Apr 23, 2020

Deploy Nexus to e.g. Heroku, your client can get HTTPS without Nexus needing to launch an HTTPS server.

@crimson-med
Author

crimson-med commented Apr 23, 2020

We can't use Heroku as we are working directly with an EC2 environment on Amazon.
For now we are still using Yoga which lets you customize cors and https with the graphql server.
But this means a lot of double defining using an older version.

@jasonkuhrt
Member

jasonkuhrt commented Apr 23, 2020

> working directly with an EC2 environment on Amazon

Yeah, but you could still put reverse proxies in front e.g. API Gateway. Not saying you can specifically in your case, but many users could.

My point was never that Nexus doesn't need to not-block HTTPS, just that I don't think it's going to be very common.

We'll get to this soonish!

@hassaantariq50

> We can't use Heroku as we are working directly with an EC2 environment on Amazon.
> For now we are still using Yoga which lets you customize cors and https with the graphql server.
> But this means a lot of double defining using an older version.

Can you guide me on how to set up an HTTPS server with GraphQL?

@crimson-med
Author

> > We can't use Heroku as we are working directly with an EC2 environment on Amazon.
> > For now we are still using Yoga which lets you customize cors and https with the graphql server.
> > But this means a lot of double defining using an older version.
>
> Can you guide me on how to set up an HTTPS server with GraphQL?

We haven't migrated to the new version yet; as this is not yet implemented, we can't move the whole architecture.

@hassaantariq50

> > > We can't use Heroku as we are working directly with an EC2 environment on Amazon.
> > > For now we are still using Yoga which lets you customize cors and https with the graphql server.
> > > But this means a lot of double defining using an older version.
> >
> > Can you guide me on how to set up an HTTPS server with GraphQL?
>
> We haven't migrated to the new version yet; as this is not yet implemented, we can't move the whole architecture.

So is there any way to set up HTTPS on GraphQL?

@crimson-med
Author

> > > > We can't use Heroku as we are working directly with an EC2 environment on Amazon.
> > > > For now we are still using Yoga which lets you customize cors and https with the graphql server.
> > > > But this means a lot of double defining using an older version.
> > >
> > > Can you guide me on how to set up an HTTPS server with GraphQL?
> >
> > We haven't migrated to the new version yet; as this is not yet implemented, we can't move the whole architecture.
>
> So is there any way to set up HTTPS on GraphQL?

Please use Google. There are already many resources explaining that. You can also use Stack Overflow. This is for reporting bugs or asking for features.
