hasura/graphql-engine
1
0
Fork 0
mirror of https://github.com/hasura/graphql-engine.git synced 2024-12-18 04:51:35 +03:00
Code Issues Projects Releases Wiki Activity
169902f88a
graphql-engine/docs/graphql/core/deployment/graphql-engine-flags/config-examples.rst

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

303 lines
10 KiB
ReStructuredText
Raw Normal View History

docs: add meta descriptions to pages (#3631)
2020-01-14 15:57:45 +03:00
.. meta::
:description: Examples of server configurations with Hasura GraphQL engine
:keywords: hasura, docs, deployment, flags, server, server configuration, example
docs: replace doc with ref (close #4054) (#4068)
2020-03-11 22:42:36 +03:00
.. _config_examples:
docs: misc updates - master -> primary terminology change in read replica page - add console flow to add read replica - add (ci/cd) annotation to migrations - add config v2 tag for older migrations pages Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> GitOrigin-RevId: 2d2d8e12fbf4f3142d0611f3ab1ce9285a79779f
2021-04-06 20:04:53 +03:00
Server config examples
======================
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
add table of contents to docs pages (#1115)
2018-12-03 15:12:24 +03:00
.. contents:: Table of contents
:backlinks: none
:depth: 1
:local:
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
docs: move cloud docs (#5411)
2020-08-25 14:53:25 +03:00
Introduction
------------
add table of contents to docs pages (#1115)
2018-12-03 15:12:24 +03:00
The following are a few configuration use cases:
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
.. _add-admin-secret:
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
Add an admin secret
-------------------
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
fix typos in documentation (#2562)
2019-09-11 10:17:14 +03:00
To add an admin secret to Hasura, pass the ``--admin-secret`` flag with a secret
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
generated by you.
Run server in this mode using following docker command:
.. code-block:: bash
docker run -P -d hasura/graphql-engine:latest graphql-engine \
--database-url postgres://username:password@host:5432/dbname \
serve \
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
--admin-secret XXXXXXXXXXXXXXXX
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
Typically, you will also have a webhook for authentication:
.. code-block:: bash
docker run -P -d hasura/graphql-engine:latest graphql-engine \
--database-url postgres://username:password@host:5432/dbname \
serve \
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
--admin-secret XXXXXXXXXXXXXXXX
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
--auth-hook https://myauth.mywebsite.com/user/session-info
fix typos in documentation (#2562)
2019-09-11 10:17:14 +03:00
In addition to flags, the GraphQL engine also accepts environment variables.
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
In the above case, for adding an admin secret you will use the ``HASURA_GRAPHQL_ADMIN_SECRET``
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
and for the webhook, you will use the ``HASURA_GRAPHQL_AUTH_HOOK`` environment variables.
docs: add cloud references https://github.com/hasura/graphql-engine-mono/pull/1688 Co-authored-by: Jesse Martin <174035+martincreative@users.noreply.github.com> Co-authored-by: Rikin Kachhia <54616969+rikinsk@users.noreply.github.com> GitOrigin-RevId: 7a585cb8473e0c5572a347926e156b6ce6f4d780
2021-07-22 16:23:35 +03:00
.. hiding this as it mixes auth for the data plane with auth for the control plane and might be confusing
.. admonition:: Using collaborators as an alternative to Hasura Admin Secret sharing with Hasura Cloud
:class: dhc
docs: add Hasura Cloud caveat in configuring metadata db example PR-URL: https://github.com/hasura/graphql-engine-mono/pull/2954 GitOrigin-RevId: 1ea35da4241b53100cdcdc2631fc6b41cccf8861
2021-11-24 15:28:43 +03:00
Hasura Cloud offers console collaborators which avoids sharing the `HASURA-ADMIN-SECRET` with those that shouldn't
have unrestricted access to your project. For more information about collaborator management, see
:ref:`Collaborators in Hasura Cloud <manage_project_collaborators>`.
docs: add cloud references https://github.com/hasura/graphql-engine-mono/pull/1688 Co-authored-by: Jesse Martin <174035+martincreative@users.noreply.github.com> Co-authored-by: Rikin Kachhia <54616969+rikinsk@users.noreply.github.com> GitOrigin-RevId: 7a585cb8473e0c5572a347926e156b6ce6f4d780
2021-07-22 16:23:35 +03:00
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
.. _cli-with-admin-secret:
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
Using CLI commands with admin secret
------------------------------------
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
fix typos in documentation (#2562)
2019-09-11 10:17:14 +03:00
When you start the GraphQL engine with an admin secret key, CLI commands will also
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
need this admin secret to contact APIs. It can be set in ``config.yaml`` or as an
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
environment variable or as a flag to the command. For example, let's look at the
case of the ``console`` command:
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
In the ``my-project/config.yaml`` file, set a new key ``admin_secret``:
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
.. code-block:: yaml
# config.yaml
endpoint: https://my-graphql-endpoint.com
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
admin_secret: XXXXXXXXXXXXXXXX
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
The console can now contact the GraphQL APIs with the specified admin secret.
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
.. note::
fix typos in documentation (#2562)
2019-09-11 10:17:14 +03:00
If you're setting an ``admin_secret`` in ``config.yaml`` please make sure you do
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
not check this file into a public repository.
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
An alternate and safe way is to pass the admin secret value to the command
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
as an environment variable:
.. code-block:: bash
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
export HASURA_GRAPHQL_ADMIN_SECRET=xxxxx
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
hasura console
# OR in a single line
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
HASURA_GRAPHQL_ADMIN_SECRET=xxxxx hasura console
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
You can also set the admin secret using a flag to the command:
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
.. code-block:: bash
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
hasura console --admin-secret=XXXXXXXXXXXX
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
.. note::
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
The order of precedence for admin secret and endpoint is as follows:
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
CLI flag > Environment variable > Config file
.. _configure-cors:
Configure CORS
--------------
fix typos in documentation (#2562)
2019-09-11 10:17:14 +03:00
By default, all CORS requests to the Hasura GraphQL engine are allowed. To run with more restrictive CORS settings,
add support for multiple domains in cors config (close #1436) (#1536) Support for multiple domains (as CSV) in the `--cors-domain` flag and `HASURA_GRAPHQL_CORS_DOMAIN` env var. Following are all valid configurations (must include scheme and optional port): ```shell HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com:8080" HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com, http://*.localhost, https://example.com" HASURA_GRAPHQL_CORS_DOMAIN="*" HASURA_GRAPHQL_CORS_DOMAIN="http://example.com, http://*.localhost, http://localhost:3000, https://*.foo.bar.com, https://foo.bar.com" ``` **Note**: top-level domains are not considered as part of wildcard domains. You have to add them separately. E.g - `https://*.foo.com` doesn't include `https://foo.com`. The default (if the flag or env var is not specified) is `*`. Which means CORS headers are sent for all domains.
2019-02-14 08:58:38 +03:00
use the ``--cors-domain`` flag or the ``HASURA_GRAPHQL_CORS_DOMAIN`` ENV variable. The default value is ``*``,
which means CORS headers are sent for all domains.
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
fix typos in documentation (#2562)
2019-09-11 10:17:14 +03:00
The scheme + host with optional wildcard + optional port have to be mentioned.
add support for multiple domains in cors config (close #1436) (#1536) Support for multiple domains (as CSV) in the `--cors-domain` flag and `HASURA_GRAPHQL_CORS_DOMAIN` env var. Following are all valid configurations (must include scheme and optional port): ```shell HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com:8080" HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com, http://*.localhost, https://example.com" HASURA_GRAPHQL_CORS_DOMAIN="*" HASURA_GRAPHQL_CORS_DOMAIN="http://example.com, http://*.localhost, http://localhost:3000, https://*.foo.bar.com, https://foo.bar.com" ``` **Note**: top-level domains are not considered as part of wildcard domains. You have to add them separately. E.g - `https://*.foo.com` doesn't include `https://foo.com`. The default (if the flag or env var is not specified) is `*`. Which means CORS headers are sent for all domains.
2019-02-14 08:58:38 +03:00
Examples:
merge docs into main repo (close #397) (#398)
2018-09-11 14:11:24 +03:00
.. code-block:: bash
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
# Accepts from https://app.foo.bar.com , https://api.foo.bar.com etc.
HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com"
add support for multiple domains in cors config (close #1436) (#1536) Support for multiple domains (as CSV) in the `--cors-domain` flag and `HASURA_GRAPHQL_CORS_DOMAIN` env var. Following are all valid configurations (must include scheme and optional port): ```shell HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com:8080" HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com, http://*.localhost, https://example.com" HASURA_GRAPHQL_CORS_DOMAIN="*" HASURA_GRAPHQL_CORS_DOMAIN="http://example.com, http://*.localhost, http://localhost:3000, https://*.foo.bar.com, https://foo.bar.com" ``` **Note**: top-level domains are not considered as part of wildcard domains. You have to add them separately. E.g - `https://*.foo.com` doesn't include `https://foo.com`. The default (if the flag or env var is not specified) is `*`. Which means CORS headers are sent for all domains.
2019-02-14 08:58:38 +03:00
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
# Accepts from https://app.foo.bar.com:8080 , http://api.foo.bar.com:8080,
# http://app.localhost, http://api.localhost, http://localhost:3000,
# http://example.com etc.
HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com:8080, http://*.localhost, http://localhost:3000, http://example.com"
add support for multiple domains in cors config (close #1436) (#1536) Support for multiple domains (as CSV) in the `--cors-domain` flag and `HASURA_GRAPHQL_CORS_DOMAIN` env var. Following are all valid configurations (must include scheme and optional port): ```shell HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com:8080" HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com, http://*.localhost, https://example.com" HASURA_GRAPHQL_CORS_DOMAIN="*" HASURA_GRAPHQL_CORS_DOMAIN="http://example.com, http://*.localhost, http://localhost:3000, https://*.foo.bar.com, https://foo.bar.com" ``` **Note**: top-level domains are not considered as part of wildcard domains. You have to add them separately. E.g - `https://*.foo.com` doesn't include `https://foo.com`. The default (if the flag or env var is not specified) is `*`. Which means CORS headers are sent for all domains.
2019-02-14 08:58:38 +03:00
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
# Accepts from all domain
HASURA_GRAPHQL_CORS_DOMAIN="*"
add support for multiple domains in cors config (close #1436) (#1536) Support for multiple domains (as CSV) in the `--cors-domain` flag and `HASURA_GRAPHQL_CORS_DOMAIN` env var. Following are all valid configurations (must include scheme and optional port): ```shell HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com:8080" HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com, http://*.localhost, https://example.com" HASURA_GRAPHQL_CORS_DOMAIN="*" HASURA_GRAPHQL_CORS_DOMAIN="http://example.com, http://*.localhost, http://localhost:3000, https://*.foo.bar.com, https://foo.bar.com" ``` **Note**: top-level domains are not considered as part of wildcard domains. You have to add them separately. E.g - `https://*.foo.com` doesn't include `https://foo.com`. The default (if the flag or env var is not specified) is `*`. Which means CORS headers are sent for all domains.
2019-02-14 08:58:38 +03:00
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
# Accepts only from http://example.com
HASURA_GRAPHQL_CORS_DOMAIN="http://example.com"
add support for multiple domains in cors config (close #1436) (#1536) Support for multiple domains (as CSV) in the `--cors-domain` flag and `HASURA_GRAPHQL_CORS_DOMAIN` env var. Following are all valid configurations (must include scheme and optional port): ```shell HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com:8080" HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com, http://*.localhost, https://example.com" HASURA_GRAPHQL_CORS_DOMAIN="*" HASURA_GRAPHQL_CORS_DOMAIN="http://example.com, http://*.localhost, http://localhost:3000, https://*.foo.bar.com, https://foo.bar.com" ``` **Note**: top-level domains are not considered as part of wildcard domains. You have to add them separately. E.g - `https://*.foo.com` doesn't include `https://foo.com`. The default (if the flag or env var is not specified) is `*`. Which means CORS headers are sent for all domains.
2019-02-14 08:58:38 +03:00
.. note::
Top-level domains are not considered as part of wildcard domains. You
fix typos in documentation (#2562)
2019-09-11 10:17:14 +03:00
have to add them separately. E.g. ``https://*.foo.com`` doesn't include
rename access-key to admin-secret (close #1347) (#1540) Rename the admin secret key header used to access GraphQL engine from X-Hasura-Access-Key to X-Hasura-Admin-Secret. Server CLI and console all support the older flag but marks it as deprecated.
2019-02-14 12:37:47 +03:00
``https://foo.com``.
read cookie while initialising websocket connection (fix #1660) (#1668) * read cookie while initialising websocket connection (fix #1660) * add tests for cookie on websocket init * fix logic for tests * enforce cors, and flag to force read cookie when cors disabled - as browsers don't enforce SOP on websockets, we enforce CORS policy on websocket handshake - if CORS is disabled, by default cookie is not read (because XSS risk!). Add special flag to force override this behaviour * add log and forward origin header to webhook - add log notice when cors is disabled, and cookie is not read on websocket handshake - forward origin header to webhook in POST mode. So that when CORS is disabled, webhook can also enforce CORS independently. * add docs, and forward all client headers to webhook
2019-03-04 10:46:53 +03:00
You can tell Hasura to disable handling CORS entirely via the ``--disable-cors``
flag. Hasura will not respond with CORS headers. You can use this option if
you're already handling CORS on a reverse proxy etc.
bundle console assets into server (close #516, close #521, close #2130) (#2192) This PR builds console static assets into the server docker image at `/srv/console-assets`. When env var `HASURA_GRAPHQL_CONSOLE_ASSETS_DIR=/srv/console-assets` or flag `--console-assets-dir=/srv/console-assets` is set on the server, the files in this directory are served at `/console/assets/*`. The console html template will have a variable called `cdnAssets: false` when this flag is set and it loads assets from server itself instead of CDN. The assets are moved to a new bucket with a new naming scheme: ``` graphql-engine-cdn.hasura.io/console/assets/ /common/{} /versioned/<version/{} /channel/<channel>/<version>/{} ``` Console served by CLI will still load assets from CDN - will fix that in the next release.
2019-05-16 10:45:29 +03:00
.. _console-assets-on-server:
update offline console docs (#3416)
2019-11-25 14:30:41 +03:00
Run console offline *(i.e load console assets from server instead of CDN)*
--------------------------------------------------------------------------
bundle console assets into server (close #516, close #521, close #2130) (#2192) This PR builds console static assets into the server docker image at `/srv/console-assets`. When env var `HASURA_GRAPHQL_CONSOLE_ASSETS_DIR=/srv/console-assets` or flag `--console-assets-dir=/srv/console-assets` is set on the server, the files in this directory are served at `/console/assets/*`. The console html template will have a variable called `cdnAssets: false` when this flag is set and it loads assets from server itself instead of CDN. The assets are moved to a new bucket with a new naming scheme: ``` graphql-engine-cdn.hasura.io/console/assets/ /common/{} /versioned/<version/{} /channel/<channel>/<version>/{} ``` Console served by CLI will still load assets from CDN - will fix that in the next release.
2019-05-16 10:45:29 +03:00
update offline console docs (#3416)
2019-11-25 14:30:41 +03:00
Normally the static assets (js, css, fonts, img etc.) required by the console are loaded from a CDN.
Starting with ``v1.0.0-beta.1``, these assets are bundled with the Docker image published by Hasura.
bundle console assets into server (close #516, close #521, close #2130) (#2192) This PR builds console static assets into the server docker image at `/srv/console-assets`. When env var `HASURA_GRAPHQL_CONSOLE_ASSETS_DIR=/srv/console-assets` or flag `--console-assets-dir=/srv/console-assets` is set on the server, the files in this directory are served at `/console/assets/*`. The console html template will have a variable called `cdnAssets: false` when this flag is set and it loads assets from server itself instead of CDN. The assets are moved to a new bucket with a new naming scheme: ``` graphql-engine-cdn.hasura.io/console/assets/ /common/{} /versioned/<version/{} /channel/<channel>/<version>/{} ``` Console served by CLI will still load assets from CDN - will fix that in the next release.
2019-05-16 10:45:29 +03:00
These files can be found at ``/srv/console-assets``.
If you're working in an environment with Hasura running locally and have no
update offline console docs (#3416)
2019-11-25 14:30:41 +03:00
access to internet, you can configure the GraphQL engine to load assets from the
fix typos in documentation (#2562)
2019-09-11 10:17:14 +03:00
Docker image itself, instead of the CDN.
bundle console assets into server (close #516, close #521, close #2130) (#2192) This PR builds console static assets into the server docker image at `/srv/console-assets`. When env var `HASURA_GRAPHQL_CONSOLE_ASSETS_DIR=/srv/console-assets` or flag `--console-assets-dir=/srv/console-assets` is set on the server, the files in this directory are served at `/console/assets/*`. The console html template will have a variable called `cdnAssets: false` when this flag is set and it loads assets from server itself instead of CDN. The assets are moved to a new bucket with a new naming scheme: ``` graphql-engine-cdn.hasura.io/console/assets/ /common/{} /versioned/<version/{} /channel/<channel>/<version>/{} ``` Console served by CLI will still load assets from CDN - will fix that in the next release.
2019-05-16 10:45:29 +03:00
Set the following env var or flag on the server:
.. code-block:: bash
# env var
HASURA_GRAPHQL_CONSOLE_ASSETS_DIR=/srv/console-assets
# flag
--console-assets-dir=/srv/console-assets
fix typos in documentation (#2562)
2019-09-11 10:17:14 +03:00
Once the flag is set, all files in the ``/srv/console-assets`` directory of the
Docker image will be served at the ``/console/assets`` endpoint on the server with
bundle console assets into server (close #516, close #521, close #2130) (#2192) This PR builds console static assets into the server docker image at `/srv/console-assets`. When env var `HASURA_GRAPHQL_CONSOLE_ASSETS_DIR=/srv/console-assets` or flag `--console-assets-dir=/srv/console-assets` is set on the server, the files in this directory are served at `/console/assets/*`. The console html template will have a variable called `cdnAssets: false` when this flag is set and it loads assets from server itself instead of CDN. The assets are moved to a new bucket with a new naming scheme: ``` graphql-engine-cdn.hasura.io/console/assets/ /common/{} /versioned/<version/{} /channel/<channel>/<version>/{} ``` Console served by CLI will still load assets from CDN - will fix that in the next release.
2019-05-16 10:45:29 +03:00
the right content-type headers.
.. note::
fix typos in documentation (#2562)
2019-09-11 10:17:14 +03:00
Hasura follows a rolling update pattern for console releases where assets for
bundle console assets into server (close #516, close #521, close #2130) (#2192) This PR builds console static assets into the server docker image at `/srv/console-assets`. When env var `HASURA_GRAPHQL_CONSOLE_ASSETS_DIR=/srv/console-assets` or flag `--console-assets-dir=/srv/console-assets` is set on the server, the files in this directory are served at `/console/assets/*`. The console html template will have a variable called `cdnAssets: false` when this flag is set and it loads assets from server itself instead of CDN. The assets are moved to a new bucket with a new naming scheme: ``` graphql-engine-cdn.hasura.io/console/assets/ /common/{} /versioned/<version/{} /channel/<channel>/<version>/{} ``` Console served by CLI will still load assets from CDN - will fix that in the next release.
2019-05-16 10:45:29 +03:00
a ``major.minor`` version is updated continuously across all patches. If
fix typos in documentation (#2562)
2019-09-11 10:17:14 +03:00
you're using the assets on the server with a Docker image, it might not be the latest
docs: misc updates - update cloud pricing plan names - add supported from/in notes - add config.yaml version note for using config v2 - nitpicks GitOrigin-RevId: 4c06efb15cbec650fd38162f4d3b71d13c6ee56e
2021-03-17 16:43:59 +03:00
version of the console.
improve debug information in actions errors response (close #4031) (#4432) * config options for internal errors for non-admin role, close #4031 More detailed action debug info is added in response 'internal' field * add docs * update CHANGELOG.md * set admin graphql errors option in ci tests, minor changes to docs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * Apply suggestions from code review Co-Authored-By: Marion Schleifer <marion@hasura.io> * use a new sum type to represent the inclusion of internal errors As suggested in review by @0x777 -> Move around few modules in to specific API folder -> Saperate types from Init.hs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * move 'HttpResponse' to 'Hasura.HTTP' module * update change log with breaking change warning * Update CHANGELOG.md Co-authored-by: Marion Schleifer <marion@hasura.io> Co-authored-by: Tirumarai Selvan <tiru@hasura.io>
2020-04-24 10:55:51 +03:00
docs: add disabling dev mode to production checklist (#4715)
2020-05-19 10:55:59 +03:00
.. _dev-mode:
improve debug information in actions errors response (close #4031) (#4432) * config options for internal errors for non-admin role, close #4031 More detailed action debug info is added in response 'internal' field * add docs * update CHANGELOG.md * set admin graphql errors option in ci tests, minor changes to docs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * Apply suggestions from code review Co-Authored-By: Marion Schleifer <marion@hasura.io> * use a new sum type to represent the inclusion of internal errors As suggested in review by @0x777 -> Move around few modules in to specific API folder -> Saperate types from Init.hs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * move 'HttpResponse' to 'Hasura.HTTP' module * update change log with breaking change warning * Update CHANGELOG.md Co-authored-by: Marion Schleifer <marion@hasura.io> Co-authored-by: Tirumarai Selvan <tiru@hasura.io>
2020-04-24 10:55:51 +03:00
docs: add disabling dev mode to production checklist (#4715)
2020-05-19 10:55:59 +03:00
Dev (debugging) mode
--------------------
improve debug information in actions errors response (close #4031) (#4432) * config options for internal errors for non-admin role, close #4031 More detailed action debug info is added in response 'internal' field * add docs * update CHANGELOG.md * set admin graphql errors option in ci tests, minor changes to docs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * Apply suggestions from code review Co-Authored-By: Marion Schleifer <marion@hasura.io> * use a new sum type to represent the inclusion of internal errors As suggested in review by @0x777 -> Move around few modules in to specific API folder -> Saperate types from Init.hs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * move 'HttpResponse' to 'Hasura.HTTP' module * update change log with breaking change warning * Update CHANGELOG.md Co-authored-by: Marion Schleifer <marion@hasura.io> Co-authored-by: Tirumarai Selvan <tiru@hasura.io>
2020-04-24 10:55:51 +03:00
The Hasura GraphQL engine may provide additional information for each object in the ``extensions`` key of ``errors``.
The ``internal`` key contains error information including the
generated SQL statement and exception information from Postgres.
This can be highly useful, especially in the case of debugging errors in :doc:`action <../../actions/debugging>` requests.
docs: fix docs on debug mode and internal key There were 2 problems in the docs: 1. Extensions key is always sent in error responses. The `internal` key requires debug mode. 2. Admin role errors have the `internal` key by default PR-URL: https://github.com/hasura/graphql-engine-mono/pull/2550 GitOrigin-RevId: 4121f1ef45290896887be447a73f96b0d4e016b4
2021-10-11 12:29:51 +03:00
By default the ``internal`` key is not sent in the ``extensions`` response (except for ``admin`` roles). To enable this,
improve debug information in actions errors response (close #4031) (#4432) * config options for internal errors for non-admin role, close #4031 More detailed action debug info is added in response 'internal' field * add docs * update CHANGELOG.md * set admin graphql errors option in ci tests, minor changes to docs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * Apply suggestions from code review Co-Authored-By: Marion Schleifer <marion@hasura.io> * use a new sum type to represent the inclusion of internal errors As suggested in review by @0x777 -> Move around few modules in to specific API folder -> Saperate types from Init.hs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * move 'HttpResponse' to 'Hasura.HTTP' module * update change log with breaking change warning * Update CHANGELOG.md Co-authored-by: Marion Schleifer <marion@hasura.io> Co-authored-by: Tirumarai Selvan <tiru@hasura.io>
2020-04-24 10:55:51 +03:00
start the GraphQL engine server in debugging mode with the following configuration:
.. code-block:: bash
docs: add disabling dev mode to production checklist (#4715)
2020-05-19 10:55:59 +03:00
# env var
improve debug information in actions errors response (close #4031) (#4432) * config options for internal errors for non-admin role, close #4031 More detailed action debug info is added in response 'internal' field * add docs * update CHANGELOG.md * set admin graphql errors option in ci tests, minor changes to docs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * Apply suggestions from code review Co-Authored-By: Marion Schleifer <marion@hasura.io> * use a new sum type to represent the inclusion of internal errors As suggested in review by @0x777 -> Move around few modules in to specific API folder -> Saperate types from Init.hs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * move 'HttpResponse' to 'Hasura.HTTP' module * update change log with breaking change warning * Update CHANGELOG.md Co-authored-by: Marion Schleifer <marion@hasura.io> Co-authored-by: Tirumarai Selvan <tiru@hasura.io>
2020-04-24 10:55:51 +03:00
HASURA_GRAPHQL_DEV_MODE=true
docs: add disabling dev mode to production checklist (#4715)
2020-05-19 10:55:59 +03:00
# flag
--dev-mode
docs: fix docs on debug mode and internal key There were 2 problems in the docs: 1. Extensions key is always sent in error responses. The `internal` key requires debug mode. 2. Admin role errors have the `internal` key by default PR-URL: https://github.com/hasura/graphql-engine-mono/pull/2550 GitOrigin-RevId: 4121f1ef45290896887be447a73f96b0d4e016b4
2021-10-11 12:29:51 +03:00
The ``internal`` key is sent for ``admin`` role requests by default. To disable them, configure as follows:
improve debug information in actions errors response (close #4031) (#4432) * config options for internal errors for non-admin role, close #4031 More detailed action debug info is added in response 'internal' field * add docs * update CHANGELOG.md * set admin graphql errors option in ci tests, minor changes to docs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * Apply suggestions from code review Co-Authored-By: Marion Schleifer <marion@hasura.io> * use a new sum type to represent the inclusion of internal errors As suggested in review by @0x777 -> Move around few modules in to specific API folder -> Saperate types from Init.hs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * move 'HttpResponse' to 'Hasura.HTTP' module * update change log with breaking change warning * Update CHANGELOG.md Co-authored-by: Marion Schleifer <marion@hasura.io> Co-authored-by: Tirumarai Selvan <tiru@hasura.io>
2020-04-24 10:55:51 +03:00
.. code-block:: bash
docs: add disabling dev mode to production checklist (#4715)
2020-05-19 10:55:59 +03:00
# env var
docs: fix docs on debug mode and internal key There were 2 problems in the docs: 1. Extensions key is always sent in error responses. The `internal` key requires debug mode. 2. Admin role errors have the `internal` key by default PR-URL: https://github.com/hasura/graphql-engine-mono/pull/2550 GitOrigin-RevId: 4121f1ef45290896887be447a73f96b0d4e016b4
2021-10-11 12:29:51 +03:00
HASURA_GRAPHQL_ADMIN_INTERNAL_ERRORS=false
improve debug information in actions errors response (close #4031) (#4432) * config options for internal errors for non-admin role, close #4031 More detailed action debug info is added in response 'internal' field * add docs * update CHANGELOG.md * set admin graphql errors option in ci tests, minor changes to docs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * Apply suggestions from code review Co-Authored-By: Marion Schleifer <marion@hasura.io> * use a new sum type to represent the inclusion of internal errors As suggested in review by @0x777 -> Move around few modules in to specific API folder -> Saperate types from Init.hs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * move 'HttpResponse' to 'Hasura.HTTP' module * update change log with breaking change warning * Update CHANGELOG.md Co-authored-by: Marion Schleifer <marion@hasura.io> Co-authored-by: Tirumarai Selvan <tiru@hasura.io>
2020-04-24 10:55:51 +03:00
docs: add disabling dev mode to production checklist (#4715)
2020-05-19 10:55:59 +03:00
# flag
docs: fix docs on debug mode and internal key There were 2 problems in the docs: 1. Extensions key is always sent in error responses. The `internal` key requires debug mode. 2. Admin role errors have the `internal` key by default PR-URL: https://github.com/hasura/graphql-engine-mono/pull/2550 GitOrigin-RevId: 4121f1ef45290896887be447a73f96b0d4e016b4
2021-10-11 12:29:51 +03:00
--admin-internal-errors false
docs: add disabling dev mode to production checklist (#4715)
2020-05-19 10:55:59 +03:00
improve debug information in actions errors response (close #4031) (#4432) * config options for internal errors for non-admin role, close #4031 More detailed action debug info is added in response 'internal' field * add docs * update CHANGELOG.md * set admin graphql errors option in ci tests, minor changes to docs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * Apply suggestions from code review Co-Authored-By: Marion Schleifer <marion@hasura.io> * use a new sum type to represent the inclusion of internal errors As suggested in review by @0x777 -> Move around few modules in to specific API folder -> Saperate types from Init.hs * fix tests Don't use any auth for sync actions error tests. The request body changes based on auth type in session_variables (x-hasura-auth-mode) * move 'HttpResponse' to 'Hasura.HTTP' module * update change log with breaking change warning * Update CHANGELOG.md Co-authored-by: Marion Schleifer <marion@hasura.io> Co-authored-by: Tirumarai Selvan <tiru@hasura.io>
2020-04-24 10:55:51 +03:00
.. note::
It is highly recommended to enable debugging only for the ``admin`` role in production.
docs: add env_var/flags spec for metadata-db-url and update PG permission page Co-authored-by: Rikin Kachhia <54616969+rikinsk@users.noreply.github.com> GitOrigin-RevId: bb378baee249334f4bc0add43e364dbad6a7284f
2021-02-19 13:13:25 +03:00
docs: Add metadata db link in index of server configuration use case GitOrigin-RevId: 1c2c4c7c65c6e01ddbec7e589d8644bdb5e856ed
2021-03-09 16:29:37 +03:00
.. _add-metadata-database:
docs: add env_var/flags spec for metadata-db-url and update PG permission page Co-authored-by: Rikin Kachhia <54616969+rikinsk@users.noreply.github.com> GitOrigin-RevId: bb378baee249334f4bc0add43e364dbad6a7284f
2021-02-19 13:13:25 +03:00
Add a metadata database
-----------------------
The Hasura GraphQL engine when initialized, creates a schema called ``hdb_catalog`` in the Postgres database
and initializes a few tables under it. This schema and the internal tables are generally termed as the
``metadata catalogue`` and is responsible to manage the internal state of the Hasura GraphQL engine.
By default, the ``metadata_catalogue`` is created inside the primary database provided by the user.
But sometimes it might be more advantageous to segregate the primary database and the metadata database.
docs: fix typo in config examples page GITHUB_PR_NUMBER: 7634 GITHUB_PR_URL: https://github.com/hasura/graphql-engine/pull/7634 PR-URL: https://github.com/hasura/graphql-engine-mono/pull/2489 Co-authored-by: thephenix4 <69722745+thephenix4@users.noreply.github.com> Co-authored-by: Rikin Kachhia <54616969+rikinsk@users.noreply.github.com> GitOrigin-RevId: 246da4575afa583ce44fc858ac1a1053a730cf26
2021-11-25 16:39:33 +03:00
Hasura GraphQL engine provides a way to the users to provide an entirely separate database to store the
docs: add env_var/flags spec for metadata-db-url and update PG permission page Co-authored-by: Rikin Kachhia <54616969+rikinsk@users.noreply.github.com> GitOrigin-RevId: bb378baee249334f4bc0add43e364dbad6a7284f
2021-02-19 13:13:25 +03:00
``metadata catalogue``.
To add a metadata database, set the following environment variable or add the flag to the server executable
.. code-block:: bash
# env var
HASURA_GRAPHQL_METADATA_DATABASE_URL=postgres://<user>:<password>@<host>:<port>/<metadata-db-name>
# flag
--metadata-database-url=postgres://<user>:<password>@<host>:<port>/<metadata-db-name>
docs: add Hasura Cloud caveat in configuring metadata db example PR-URL: https://github.com/hasura/graphql-engine-mono/pull/2954 GitOrigin-RevId: 1ea35da4241b53100cdcdc2631fc6b41cccf8861
2021-11-24 15:28:43 +03:00
.. admonition:: Caveat for Hasura Cloud
The metadata for Hasura Cloud projects is stored in dedicated metadata DBs managed by Hasura Cloud.
Hence the ``HASURA_GRAPHQL_METADATA_DATABASE_URL`` cannot be configured on Hasura Cloud as its value is controlled
by Hasura Cloud itself.
Possible configurations:
~~~~~~~~~~~~~~~~~~~~~~~~
docs: add env_var/flags spec for metadata-db-url and update PG permission page Co-authored-by: Rikin Kachhia <54616969+rikinsk@users.noreply.github.com> GitOrigin-RevId: bb378baee249334f4bc0add43e364dbad6a7284f
2021-02-19 13:13:25 +03:00
**1. Both the** ``primary database`` **and** ``metadata database`` **are provided to the server**
.. code-block:: bash
# env var
HASURA_GRAPHQL_METADATA_DATABASE_URL=postgres://<user>:<password>@<host>:<port>/<metadata-db-name>
HASURA_GRAPHQL_DATABASE_URL=postgres://<user>:<password>@<host>:<port>/<db-name>
# flag
--metadata-database-url=postgres://<user>:<password>@<host>:<port>/<metadata-db-name>
--database-url=postgres://<user>:<password>@<host>:<port>/<db-name>
docs: add Hasura Cloud caveat in configuring metadata db example PR-URL: https://github.com/hasura/graphql-engine-mono/pull/2954 GitOrigin-RevId: 1ea35da4241b53100cdcdc2631fc6b41cccf8861
2021-11-24 15:28:43 +03:00
In this case, Hasura GraphQL engine will use the ``HASURA_GRAPHQL_METADATA_DATABASE_URL`` to store the ``metadata catalogue``
and starts the server with the database provided in the ``HASURA_GRAPHQL_DATABASE_URL``.
docs: add env_var/flags spec for metadata-db-url and update PG permission page Co-authored-by: Rikin Kachhia <54616969+rikinsk@users.noreply.github.com> GitOrigin-RevId: bb378baee249334f4bc0add43e364dbad6a7284f
2021-02-19 13:13:25 +03:00
**2. Only** ``metadata database`` **is provided to the server**
.. code-block:: bash
# env var
HASURA_GRAPHQL_METADATA_DATABASE_URL=postgres://<user>:<password>@<host>:<port>/<metadata-db-name>
# flag
--metadata-database-url=postgres://<user>:<password>@<host>:<port>/<metadata-db-name>
docs: add Hasura Cloud caveat in configuring metadata db example PR-URL: https://github.com/hasura/graphql-engine-mono/pull/2954 GitOrigin-RevId: 1ea35da4241b53100cdcdc2631fc6b41cccf8861
2021-11-24 15:28:43 +03:00
In this case, Hasura GraphQL engine will use the ``HASURA_GRAPHQL_METADATA_DATABASE_URL`` to store the ``metadata catalogue``
and starts the server without tracking/managing any database. *i.e* a Hasura GraphQL server will be started with no database. The
user could then manually track/manage databases at a later time.
docs: add env_var/flags spec for metadata-db-url and update PG permission page Co-authored-by: Rikin Kachhia <54616969+rikinsk@users.noreply.github.com> GitOrigin-RevId: bb378baee249334f4bc0add43e364dbad6a7284f
2021-02-19 13:13:25 +03:00
**3. Only** ``primary database`` **is provided to the server**
.. code-block:: bash
# env var
HASURA_GRAPHQL_DATABASE_URL=postgres://<user>:<password>@<host>:<port>/<db-name>
# flag
--database-url=postgres://<user>:<password>@<host>:<port>/<db-name>
docs: add Hasura Cloud caveat in configuring metadata db example PR-URL: https://github.com/hasura/graphql-engine-mono/pull/2954 GitOrigin-RevId: 1ea35da4241b53100cdcdc2631fc6b41cccf8861
2021-11-24 15:28:43 +03:00
In this case, Hasura GraphQL engine server will start with the database provided in the ``HASURA_GRAPHQL_DATABASE_URL`` and will
also use the *same database* to store the ``metadata catalogue``.
docs: add env_var/flags spec for metadata-db-url and update PG permission page Co-authored-by: Rikin Kachhia <54616969+rikinsk@users.noreply.github.com> GitOrigin-RevId: bb378baee249334f4bc0add43e364dbad6a7284f
2021-02-19 13:13:25 +03:00
**4. Neither** ``primary database`` **nor** ``metadata database`` **is provided to the server**
Hasura GraphQL engine will fail to startup and will throw an error
.. code-block:: bash
Fatal Error: Either of --metadata-database-url or --database-url option expected
Reference in New Issue Copy Permalink