Fredrik Bengtsson

03/30/2021, 2:12 PM
Hello! I am working with an Apache proxy in front of dagit. And for dagit itself it works great, however, the graphql playground doesn't. I can reach the page but it fails to connect to the websocket. For some reason the authorization header isn't included in the request to the graphql websocket. If I manually add the header using the http headers tab in the graphql interface, it works great. Do you think this might be an issue with how the graphql playground handles headers? I can't seem to find a setting for Apache which resolves the issue at least. And it seems to be working for all other dagit pages.
Forgot to mention. I am running on 0.11.1

Brian Abelson

03/30/2021, 2:15 PM
hi fredrik, i had some issues with this on nginx, i'm not sure about the settings on apache, but here is my nginx config file:
user root;
worker_processes auto;
pid /run/;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    multi_accept on;
}

http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    server {
        listen 80;
        root   /usr/share/nginx/html;

        # Dagster Proxy
        location / {
            # Auth Settings
            auth_basic           "Access Restricted";
            auth_basic_user_file /etc/nginx/.htpasswd;
            proxy_http_version 1.1;
            proxy_pass_request_headers on;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Accept-Encoding "";
            proxy_pass http://localhost:3000;
            # more_set_input_headers 'Authorization: $http_authorization';
        }
    }
}
iirc, the main issue was the Upgrade stuff.

Fredrik Bengtsson

03/30/2021, 2:20 PM
Thanks, I will take a look. The interesting part is that dagit can connect to the websocket, it's just the graphql playground which can't. Also all requests from the graphql playground except the websocket contain the authorization header. But it might still be something which breaks in the upgrade part.

Nicolas Galland

03/30/2021, 2:41 PM
Hi Fredrik, it's not the answer you expect but you should give caddy a try as a replacement for nginx/apache. It's really simple to configure, manages ssl certificates without conf, and since I switched, I've avoided all these kinds of problems (I have a caddy in front of dagster in 3 or 4 clients' configurations)

Fredrik Bengtsson

03/30/2021, 2:43 PM
Thanks for the tip, unfortunately I'm not sure if I can make the switch.
The funny thing is that after digging around some more, this might be an issue with the GraphiQL web-application. It seems like it doesn't handle headers very well. Looking at GitHub others seem to have had issues with Auth as well. The solution seems to be what I stumbled upon, using the header editor.


03/30/2021, 4:22 PM
@Nicolas Galland Do you perhaps have a sample Dockerfile using as a reverse proxy for Dagit you can share?

Nicolas Galland

03/31/2021, 9:19 AM
hi @mrdavidlaing! Nothing special in the dockerfile. Just remember to specify localhost in the docker-compose file like this:
and a minimal Caddyfile should look like this:
(https is by default with caddy. It's what I like with it: default conf is really fine and it manages certificates, so you can have your server up in minutes)