HTTPS

[Gipphe]

Are there any plans to implement an HTTPS setup? As it currently stands, it is (as far as I can tell) no way to initialize GraphQLServer with HTTPS, or the https module for that matter.

[orefalo]

IMHO, not required: can be easily done with a proxy. I will also argue a DMZ is required in a proper architecture.

IT is all above divide and conquer...

[kachkaev]

@Gipphe even if HTTPS becomes a part of GraphQL yoga, you'll still need it for other parts of your app (such as web frontend). The easiest way to enable HTTPS for all your workload is to run a reverse-proxy such as traefik in front all of them.

[douglaseggleton]

I had to run HTTPS everywhere which meant I ended up not using yoga due to this. It would have been a great help at the time. However, the service is running in a docker swarm - perhaps a proxy was the right answer. 🐢

[kachkaev]

@douglaseggleton a proxy is the answer indeed. Without it, your apps have has to sit in their own domain because HTTPS certs are managed independently. With a ‘switchboard container’ that sits in front of all your Node.js apps (e.g. traefik) you can have https://example.com resolved to your frontend while https://example.com/graphql pointing to your GraphQL backend. Both microservices will be the same valid HTTPS cert and it will be even auto-renewed by the reverse-proxy once needed.

[schickling]

While I completely agree that using a proxy is the preferred solution (especially given today's cloud offering like AWS API Gateway, now etc), I still think that this shouldn't be a entry barrier/blocker for people like @douglaseggleton or @Gipphe.

Let's try to see whether we can also support HTTPS without making graphql-yoga more complicated to use/understand. Does someone have some API suggestions?

[douglaseggleton]

This could be passed as a property to the start method to have the option to create a secure server instance. 💫

i.e.

server.start({
  ...opts,
  https: {
    key: fs.readFileSync(keyPath),
    cert: fs.readFileSync(certPath)
  }
});

e.g. douglaseggleton@c9252cf

[Gipphe]

While a reverse-proxy would certainly be a solution, we have a desire to keep everything on HTTPS internally as well, preferably without having to use a reverse-proxy internally for each service. We are gradually replacing and "prettying up" old APIs with GraphQL implementations at our place, so I thank you for taking this into consideration, even though it fits only a very small subset of use-cases in today's IT world.

[schickling]

@Gipphe fully agree! 👍

@douglaseggleton this looks great! Can you submit a PR for this?

[trixobird]

this seems that is not working in version 5

[ardatan]

Could you please create a new issue with a reproduction @trixobird