19913d85-f662-4518-a9a1-7adc1793dfd4.png){kind=small}
Channels
#announcements
Title
f
Fredrik Bengtsson
03/30/2021, 2:12 PMHello!
I am working with a Apache proxy infront of dagit. And for dagit it self it works great, however, the graphql playground doesn't. I can reach the page but it fails to connect to the websocket. For some reason the authorization header isn't included in the request to the graphql websocket. If I manually add the header using the http headers tab in the graphql interface, it works great.
Do you think this might be a issue with how the graphql playground handles headers?
I can't seem to find a setting for Apache which resolves the issue at least. And it seems to be working for all other dagit pages.
Forgot to mention. I am running on 0.11.1
b
Brian Abelson
03/30/2021, 2:15 PMhi fredrik, i had some issues with this on nginx, im not sure the settings on apache, but here is my nginx config file:
Copy code
user root;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
multi_accept on;
}
http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
root /usr/share/nginx/html;
# Dagster Proxy
location / {
##
# Auth Settings
##
auth_basic "Access Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding "";
proxy_pass <http://localhost:3000>;
# more_set_input_headers 'Authorization: $http_authorization';
}
}
}iirc, the main issue was the Upgrade stuff.
f
Fredrik Bengtsson
03/30/2021, 2:20 PMThanks, I will take a look. The interesting part is that dagit can connect to the websocket, it's just the graphql playground which can't . Also all requests from the graphql playground except the websocket contains the authorization header.
But it might still be something which breaks in the upgrade part.
n
Nicolas Galland
03/30/2021, 2:41 PMHi Fredrik, it's not the answer you expect but you should give a try to caddy in replacement of nginx/apache. It's really simple to configure, manage ssl certificates without conf, and since I switched, I've avoid all theses kind of problems (I have a caddy in front of dagster in 3 or 4 client's configurations)
f
Fredrik Bengtsson
03/30/2021, 2:43 PMThanks for the tip, unfortunately I'm not sure if I can make the switch.
The funny thing is that after digging around some more, this might be an issue with the GraphiQL web-application. It seems like it doesn't handle headers very well. Looking at GitHub others seem to have had issues with Auth as well. The solution seem to be what I stumbled upon, using the header editor.
m
mrdavidlaing
03/30/2021, 4:22 PM@Nicolas Galland Do you perhaps have a sample Dockerfile using https://caddyserver.com/ as a reverse proxy for Dagit you can share?
n
Nicolas Galland
03/31/2021, 9:19 AMhi @mrdavidlaing! Nothing special in the dockerfile. just think to specify localhost in the dockercompose file like this :
thankyou 1
and a minimal Caddyfile should look like this :
(https is by default with caddy. It's what I like with it : default conf is really fine and it manages certificates, so you can have your server up in minutes)
12 Views