rikinsk committed with hasura-bot 4 months ago
1 parent 4f911547
Showing first 200 files as there are too many
assets/hasura_logo_primary_darkbg.png
assets/hasura_logo_primary_lightbg.png
1 - --- 2 - description: Secure the Hasura GraphQL endpoint 3 - keywords: 4 - - hasura 5 - - docs 6 - - deployment 7 - - https 8 - sidebar_position: 80 9 - --- 10 - 11 - # Enable HTTPS 12 - 13 - ## Setting up HTTPS 14 - 15 - Hasura GraphQL Engine does not handle SSL/TLS for your API. That means, 16 - Hasura GraphQL Engine cannot serve your API on an HTTPS URL. 17 - 18 - You should use a reverse proxy (like Nginx, Caddy, Kong, Traefik etc.) 19 - or the cloud provider's native load balancer SSL termination features to 20 - secure your API. 21 - 22 - ## Sample configurations 23 - 24 - Here are a few sample configurations for some popular proxies: 25 - 26 - ### [Nginx](https://nginx.org/en/docs/) 27 - 28 - Here is a sample `nginx.conf` to proxy requests to Hasura: 29 - 30 - ```nginx 31 - server { 32 - listen 80; 33 - listen 443 ssl; 34 - server_name hasura.<my-domain.com>; 35 - 36 - location / { 37 - proxy_pass http://localhost:8080/; 38 - proxy_http_version 1.1; 39 - proxy_set_header Upgrade $http_upgrade; 40 - proxy_set_header Connection "upgrade"; 41 - } 42 - } 43 - ``` 44 - 45 - Please note that setting up SSL is not covered in this guide. You can 46 - find more information at [Nginx docs](https://nginx.org/en/docs/http/configuring_https_servers.html). 47 - 48 - To serve Hasura with a URL prefix instead of a separate subdomain, use `location /hasura/` or similar. 49 - 50 - ### [Caddy](https://caddyserver.com/) 51 - 52 - Here is a sample `Caddyfile` to proxy requests to Hasura: 53 - 54 - ```bash 55 - hasura.<my-domain.com> { 56 - reverse_proxy localhost:8080 57 - } 58 - ``` 59 - 60 - Caddy has TLS provisioning built-in with Let's Encrypt or ZeroSSL. You can find the docs at [Caddy website](https://caddyserver.com/docs/automatic-https). 
61 - 62 - In order to serve at a URL prefix, use the following configuration: 63 - 64 - ```bash 65 - <my-domain.com> { 66 - handle_path /hasura* { 67 - reverse_proxy localhost:8080 68 - } 69 - 70 - handle { 71 - # Fallback for otherwise unhandled requests 72 - } 73 - } 74 - ``` 75 - 76 - ### [Traefik](https://doc.traefik.io/traefik/) 77 - 78 - Here are sample `traefik.toml` and `traefik-dynamic.toml` files to proxy requests to Hasura: 79 - 80 - ```toml 81 - #traefik.toml 82 - 83 - [providers] 84 - [providers.file] 85 - filename = "traefik-dynamic.toml" 86 - 87 - [api] 88 - dashboard = true 89 - debug = true 90 - 91 - [entryPoints] 92 - [entryPoints.web] 93 - address = ":80" 94 - 95 - [entryPoints.web.http] 96 - [entryPoints.web.http.redirections] 97 - [entryPoints.web.http.redirections.entryPoint] 98 - to = "web-secure" 99 - scheme = "https" 100 - 101 - [entryPoints.web-secure] 102 - address = ":443" 103 - 104 - [certificatesResolvers.sample.acme] 105 - email = "[email protected]" 106 - storage = "acme.json" 107 - 108 - [certificatesResolvers.sample.acme.httpChallenge] 109 - # used during the challenge 110 - entryPoint = "web" 111 - ``` 112 - 113 - ```toml 114 - #traefik-dynamic.toml 115 - 116 - [http] 117 - [http.routers] 118 - [http.routers.my-router] 119 - rule = "Host(`hasura.example.com`)" 120 - service = "hasura" 121 - entryPoints = ["web-secure"] 122 - [http.routers.my-router.tls] 123 - certResolver = "sample" 124 - 125 - [http.services] 126 - [http.services.hasura.loadbalancer] 127 - [[http.services.hasura.loadbalancer.servers]] 128 - url = "http://127.0.0.1:5000" 129 - ``` 130 - 131 - In order to serve at a URL prefix, use the following configuration: 132 - 133 - ```toml 134 - #traefik-dynamic.toml 135 - ... 
136 - 137 - [http.routers] 138 - [http.routers.my-router] 139 - rule = "Host(`example.com`) && Path(`/hasura`))" 140 - service = "hasura" 141 - entryPoints = ["web-secure"] 142 - [http.routers.my-router.tls] 143 - certResolver = "sample" 144 - 145 - ... 146 - ``` 147 - 148 - Please note that setting up SSL is not covered in this guide. You can 149 - find more information at the [Traefik docs](https://doc.traefik.io/traefik/https/overview). 150 - -
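Review bot: Deleting this page drops TLS guidance that the replacement page does not restate, at old lines 15-16, 45-46, 60 and 148-149: that Hasura GraphQL Engine does not terminate SSL/TLS itself, that the Nginx and Traefik samples leave certificate setup to the linked HTTPS docs, and that Caddy provisions certificates automatically. The new page calls termination optional ("optionally, handle SSL/TLS termination") and still ships an Nginx sample with `listen 80;` and `listen 443 ssl;` but no `ssl_certificate` directives and no redirect from port 80, so a reader has no pointer to what is missing. Carry the four sentences and their links over to the new page, next to the samples they qualify.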
1 + --- 2 + description: 3 + 'Learn how to configure Hasura to run behind a proxy for enhanced security and efficient API management. This guide 4 + covers setup for Nginx, Caddy, Kong, and Traefik proxies.' 5 + keywords: 6 + - hasura configuration 7 + - proxy setup 8 + - graphql engine 9 + - ssl termination 10 + - nginx hasura 11 + - caddy proxy 12 + - kong reverse proxy 13 + - traefik configuration 14 + sidebar_position: 80 15 + seoFrontMatterUpdated: true 16 + --- 17 + 18 + # Running Behind a Proxy 19 + 20 + ## Introduction 21 + 22 + In environments where direct internet access is restricted or for enhanced security measures, running Hasura GraphQL 23 + Engine behind a proxy is often a necessity. This approach is essential for enterprises that control and monitor internet 24 + traffic through a proxy server. By configuring Hasura to run behind a proxy, you can manage and secure access to your 25 + API efficiently. 26 + 27 + While Hasura GraphQL Engine itself does not handle proxy settings, it can be configured to work seamlessly behind 28 + various popular proxy servers. This guide illustrates several examples for setting up a reverse proxy, such as Nginx, 29 + Caddy, Kong, or Traefik, to handle requests to and from your Hasura GraphQL Engine. You can find more solution-specific 30 + details on the proxy server's documentation. 31 + 32 + By using a reverse proxy, you can enforce security policies, perform SSL termination, and manage traffic effectively, 33 + ensuring that your Hasura API remains secure and accessible within your network infrastructure. 34 + 35 + ## Setting up a proxy 36 + 37 + Configuring your Hasura GraphQL Engine to work behind a proxy involves setting up the proxy server to forward requests 38 + to Hasura and, optionally, handle SSL/TLS termination. 
Here are some sample configurations for popular proxies that you 39 + can use as a starting point: 40 + 41 + ### [Nginx](https://nginx.org/en/docs/) 42 + 43 + Here is a sample `nginx.conf` to proxy requests to Hasura: 44 + 45 + ```nginx 46 + server { 47 + listen 80; 48 + listen 443 ssl; 49 + server_name hasura.<my-domain.com>; 50 + 51 + location / { 52 + proxy_pass http://localhost:8080/; 53 + proxy_http_version 1.1; 54 + proxy_set_header Upgrade $http_upgrade; 55 + proxy_set_header Connection "upgrade"; 56 + } 57 + } 58 + ``` 59 + 60 + The example above directs Nginx to listen on ports `80` and `443` for HTTP and HTTPS requests respectively on the 61 + subdomain `hasura.<my-domain.com>`. The `proxy_pass` directive forwards requests to Hasura GraphQL Engine running on 62 + port 8080. 63 + 64 + :::info Server via a URL prefix 65 + 66 + To serve Hasura with a URL prefix instead of a separate subdomain, use `location /hasura/` or similar. 67 + 68 + ::: 69 + 70 + ### [Caddy](https://caddyserver.com/) 71 + 72 + Here is a sample `Caddyfile` to proxy requests to Hasura: 73 + 74 + ```bash 75 + hasura.<my-domain.com> { 76 + reverse_proxy localhost:8080 77 + } 78 + ``` 79 + 80 + In order to serve at a URL prefix, use the following configuration: 81 + 82 + ```bash 83 + <my-domain.com> { 84 + handle_path /hasura* { 85 + reverse_proxy localhost:8080 86 + } 87 + } 88 + ``` 89 + 90 + ### [Traefik](https://doc.traefik.io/traefik/) 91 + 92 + Here are sample `traefik.toml` and `traefik-dynamic.toml` files to proxy requests to Hasura: 93 + 94 + ```toml 95 + #traefik.toml 96 + 97 + [providers] 98 + [providers.file] 99 + filename = "traefik-dynamic.toml" 100 + 101 + [api] 102 + dashboard = true 103 + debug = true 104 + 105 + [entryPoints] 106 + [entryPoints.web] 107 + address = ":80" 108 + 109 + [entryPoints.web.http] 110 + [entryPoints.web.http.redirections] 111 + [entryPoints.web.http.redirections.entryPoint] 112 + to = "web-secure" 113 + scheme = "https" 114 + 115 + 
[entryPoints.web-secure] 116 + address = ":443" 117 + 118 + [certificatesResolvers.sample.acme] 119 + email = "[email protected]" 120 + storage = "acme.json" 121 + 122 + [certificatesResolvers.sample.acme.httpChallenge] 123 + # used during the challenge 124 + entryPoint = "web" 125 + ``` 126 + 127 + ```toml 128 + #traefik-dynamic.toml 129 + 130 + [http] 131 + [http.routers] 132 + [http.routers.my-router] 133 + rule = "Host(`hasura.example.com`)" 134 + service = "hasura" 135 + entryPoints = ["web-secure"] 136 + [http.routers.my-router.tls] 137 + certResolver = "sample" 138 + 139 + [http.services] 140 + [http.services.hasura.loadbalancer] 141 + [[http.services.hasura.loadbalancer.servers]] 142 + url = "http://127.0.0.1:5000" 143 + ``` 144 + 145 + In order to serve at a URL prefix, use the following configuration: 146 + 147 + ```toml 148 + #traefik-dynamic.toml 149 + ... 150 + 151 + [http.routers] 152 + [http.routers.my-router] 153 + rule = "Host(`example.com`) && Path(`/hasura`))" 154 + service = "hasura" 155 + entryPoints = ["web-secure"] 156 + [http.routers.my-router.tls] 157 + certResolver = "sample" 158 + 159 + ... 160 + ``` 161 + -
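Review bot: The Traefik URL-prefix rule on new line 153 is carried over with its defect: it closes one more parenthesis than it opens after the `Path` matcher, so the sample needs the trailing `)` removed. `Path` also matches only the exact path, so requests below `/hasura` would not reach this router; `PathPrefix` is the matcher for a prefix. Other points in the same file: lines 101-103 enable `dashboard = true` and `debug = true` in a sample presented under a security heading, which should either be dropped or marked as local-only; line 142 forwards to `http://127.0.0.1:5000` while the Nginx and Caddy samples use `localhost:8080`; Kong is named in the description (line 4) and the introduction (line 29) but has no section; the admonition title on line 64 reads "Server via a URL prefix" where "Serve" is meant; and lines 22-25 describe an outbound corporate proxy, while every sample below is a reverse proxy in front of Hasura.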
docs/static/img/databases/data-connector/connect-final.png
docs/static/img/databases/postgres/dynamic-secrets/dynamic-secrets.png
docs/static/img/migrations-metadata-seeds/metadata-reset.png
frontend/libs/console/legacy-ce/src/lib/features/ConnectDBRedesign/graphics/db-logos/clickhouse.svg
frontend/libs/console/legacy-ce/src/lib/features/ConnectDBRedesign/graphics/db-logos/trino.svg
frontend/yarn.lock: Unable to diff as the file is too large.
skipped 18 lines 19 19 PGADMIN_DEFAULT_EMAIL: [email protected] 20 20 PGADMIN_DEFAULT_PASSWORD: admin 21 21 graphql-engine: 22 - image: hasura/graphql-engine:v2.36.0 22 + image: hasura/graphql-engine:v2.37.0 23 23 ports: 24 24 - "8080:8080" 25 25 depends_on: skipped 17 lines -
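Review bot: The bumped line 22 still references the image by tag only (`hasura/graphql-engine:v2.37.0`); if this compose file is meant to be reproducible, append the image digest (`@sha256:<digest>`) so the version that runs is the one that was reviewed. The unchanged context around it deserves a follow-up as well: line 20 hard-codes `PGADMIN_DEFAULT_PASSWORD: admin`, and line 24 publishes `"8080:8080"` on every host interface, which serves the engine over plain HTTP without the reverse proxy the docs changed in this same commit describe. Binding the port as `"127.0.0.1:8080:8080"` and reading the pgAdmin password from the environment would address both.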
rfcs/v3/command-mutations/basic.jpg
rfcs/v3/command-mutations/non-blocking.jpg