Hello! I am working with a Apache proxy infront of dagit. And for dagit it self it works great, however, the graphql playground doesn't. I can reach the page but it fails to connect to the websocket. For some reason the authorization header isn't included in the request to the graphql websocket. If I manually add the header using the http headers tab in the graphql interface, it works great. Do you think this might be a issue with how the graphql playground handles headers? I can't seem to find a setting for Apache which resolves the issue at least. And it seems to be working for all other dagit pages.

hi fredrik, i had some issues with this on nginx, im not sure the settings on apache, but here is my nginx config file:

user root;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    multi_accept on;
}

http {
    
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    server {
        listen 80;
        root   /usr/share/nginx/html;

        # Dagster Proxy
        location / {
            ##
            # Auth Settings
            ##
            auth_basic           "Access Restricted";
            auth_basic_user_file /etc/nginx/.htpasswd;
            proxy_http_version 1.1;
            proxy_pass_request_headers on;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Accept-Encoding "";
            proxy_pass <http://localhost:3000>;
            # more_set_input_headers 'Authorization: $http_authorization';
        }
    }
}

Thanks, I will take a look. The interesting part is that dagit can connect to the websocket, it's just the graphql playground which can't . Also all requests from the graphql playground except the websocket contains the authorization header. But it might still be something which breaks in the upgrade part.

Hi Fredrik, it's not the answer you expect but you should give a try to caddy in replacement of nginx/apache. It's really simple to configure, manage ssl certificates without conf, and since I switched, I've avoid all theses kind of problems (I have a caddy in front of dagster in 3 or 4 client's configurations)

Thanks for the tip, unfortunately I'm not sure if I can make the switch.

@Nicolas Galland Do you perhaps have a sample Dockerfile using https://caddyserver.com/ as a reverse proxy for Dagit you can share?

hi @mrdavidlaing! Nothing special in the dockerfile. just think to specify localhost in the dockercompose file like this :