Hello! I am working with a Apache proxy infront of...
# announcements
Hello! I am working with a Apache proxy infront of dagit. And for dagit it self it works great, however, the graphql playground doesn't. I can reach the page but it fails to connect to the websocket. For some reason the authorization header isn't included in the request to the graphql websocket. If I manually add the header using the http headers tab in the graphql interface, it works great. Do you think this might be a issue with how the graphql playground handles headers? I can't seem to find a setting for Apache which resolves the issue at least. And it seems to be working for all other dagit pages.
Forgot to mention. I am running on 0.11.1
hi fredrik, i had some issues with this on nginx, im not sure the settings on apache, but here is my nginx config file:
Copy code
user root;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    multi_accept on;

http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;

    server {
        listen 80;
        root   /usr/share/nginx/html;

        # Dagster Proxy
        location / {
            # Auth Settings
            auth_basic           "Access Restricted";
            auth_basic_user_file /etc/nginx/.htpasswd;
            proxy_http_version 1.1;
            proxy_pass_request_headers on;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Accept-Encoding "";
            proxy_pass <http://localhost:3000>;
            # more_set_input_headers 'Authorization: $http_authorization';
iirc, the main issue was the Upgrade stuff.
Thanks, I will take a look. The interesting part is that dagit can connect to the websocket, it's just the graphql playground which can't . Also all requests from the graphql playground except the websocket contains the authorization header. But it might still be something which breaks in the upgrade part.
Hi Fredrik, it's not the answer you expect but you should give a try to caddy in replacement of nginx/apache. It's really simple to configure, manage ssl certificates without conf, and since I switched, I've avoid all theses kind of problems (I have a caddy in front of dagster in 3 or 4 client's configurations)
Thanks for the tip, unfortunately I'm not sure if I can make the switch.
The funny thing is that after digging around some more, this might be an issue with the GraphiQL web-application. It seems like it doesn't handle headers very well. Looking at GitHub others seem to have had issues with Auth as well. The solution seem to be what I stumbled upon, using the header editor.
@Nicolas Galland Do you perhaps have a sample Dockerfile using https://caddyserver.com/ as a reverse proxy for Dagit you can share?
hi @mrdavidlaing! Nothing special in the dockerfile. just think to specify localhost in the dockercompose file like this :
thankyou 1
and a minimal Caddyfile should look like this :
(https is by default with caddy. It's what I like with it : default conf is really fine and it manages certificates, so you can have your server up in minutes)