2020-01-14 15:57:45 +03:00
.. meta ::
:description: Examples of server configurations with Hasura GraphQL engine
:keywords: hasura, docs, deployment, flags, server, server configuration, example
2020-03-11 22:42:36 +03:00
.. _config_examples:
2018-09-11 14:11:24 +03:00
GraphQL engine server config examples
=====================================
2018-12-03 15:12:24 +03:00
.. contents :: Table of contents
:backlinks: none
:depth: 1
:local:
2018-09-11 14:11:24 +03:00
2020-08-25 14:53:25 +03:00
Introduction
------------
2018-12-03 15:12:24 +03:00
The following are a few configuration use cases:
2018-09-11 14:11:24 +03:00
2019-02-14 12:37:47 +03:00
.. _add-admin-secret:
2018-09-11 14:11:24 +03:00
2019-02-14 12:37:47 +03:00
Add an admin secret
-------------------
2018-09-11 14:11:24 +03:00
2019-09-11 10:17:14 +03:00
To add an admin secret to Hasura, pass the `` --admin-secret `` flag with a secret
2018-09-11 14:11:24 +03:00
generated by you.
Run server in this mode using following docker command:
.. code-block :: bash
docker run -P -d hasura/graphql-engine:latest graphql-engine \
--database-url postgres://username:password@host:5432/dbname \
serve \
2019-02-14 12:37:47 +03:00
--admin-secret XXXXXXXXXXXXXXXX
2018-09-11 14:11:24 +03:00
Typically, you will also have a webhook for authentication:
.. code-block :: bash
docker run -P -d hasura/graphql-engine:latest graphql-engine \
--database-url postgres://username:password@host:5432/dbname \
serve \
2019-02-14 12:37:47 +03:00
--admin-secret XXXXXXXXXXXXXXXX
2018-09-11 14:11:24 +03:00
--auth-hook https://myauth.mywebsite.com/user/session-info
2019-09-11 10:17:14 +03:00
In addition to flags, the GraphQL engine also accepts environment variables.
2018-09-11 14:11:24 +03:00
2019-02-14 12:37:47 +03:00
In the above case, for adding an admin secret you will use the `` HASURA_GRAPHQL_ADMIN_SECRET ``
2018-09-11 14:11:24 +03:00
and for the webhook, you will use the `` HASURA_GRAPHQL_AUTH_HOOK `` environment variables.
2019-02-14 12:37:47 +03:00
.. _cli-with-admin-secret:
2018-09-11 14:11:24 +03:00
2019-02-14 12:37:47 +03:00
Using CLI commands with admin secret
------------------------------------
2018-09-11 14:11:24 +03:00
2019-09-11 10:17:14 +03:00
When you start the GraphQL engine with an admin secret key, CLI commands will also
2019-02-14 12:37:47 +03:00
need this admin secret to contact APIs. It can be set in `` config.yaml `` or as an
2018-09-11 14:11:24 +03:00
environment variable or as a flag to the command. For example, let's look at the
case of the `` console `` command:
2019-02-14 12:37:47 +03:00
In the `` my-project/config.yaml `` file, set a new key `` admin_secret `` :
2018-09-11 14:11:24 +03:00
.. code-block :: yaml
# config.yaml
endpoint: https://my-graphql-endpoint.com
2019-02-14 12:37:47 +03:00
admin_secret: XXXXXXXXXXXXXXXX
2018-09-11 14:11:24 +03:00
2019-02-14 12:37:47 +03:00
The console can now contact the GraphQL APIs with the specified admin secret.
2018-09-11 14:11:24 +03:00
.. note ::
2019-09-11 10:17:14 +03:00
If you're setting an `` admin_secret `` in `` config.yaml `` please make sure you do
2018-09-11 14:11:24 +03:00
not check this file into a public repository.
2019-02-14 12:37:47 +03:00
An alternate and safe way is to pass the admin secret value to the command
2018-09-11 14:11:24 +03:00
as an environment variable:
.. code-block :: bash
2019-02-14 12:37:47 +03:00
export HASURA_GRAPHQL_ADMIN_SECRET=xxxxx
2018-09-11 14:11:24 +03:00
hasura console
# OR in a single line
2019-02-14 12:37:47 +03:00
HASURA_GRAPHQL_ADMIN_SECRET=xxxxx hasura console
2018-09-11 14:11:24 +03:00
2019-02-14 12:37:47 +03:00
You can also set the admin secret using a flag to the command:
2018-09-11 14:11:24 +03:00
.. code-block :: bash
2019-02-14 12:37:47 +03:00
hasura console --admin-secret=XXXXXXXXXXXX
2018-09-11 14:11:24 +03:00
.. note ::
2019-02-14 12:37:47 +03:00
The order of precedence for admin secret and endpoint is as follows:
2018-09-11 14:11:24 +03:00
CLI flag > Environment variable > Config file
.. _configure-cors:
Configure CORS
--------------
2019-09-11 10:17:14 +03:00
By default, all CORS requests to the Hasura GraphQL engine are allowed. To run with more restrictive CORS settings,
2019-02-14 08:58:38 +03:00
use the `` --cors-domain `` flag or the `` HASURA_GRAPHQL_CORS_DOMAIN `` ENV variable. The default value is `` * `` ,
which means CORS headers are sent for all domains.
2018-09-11 14:11:24 +03:00
2019-09-11 10:17:14 +03:00
The scheme + host with optional wildcard + optional port have to be mentioned.
2019-02-14 08:58:38 +03:00
Examples:
2018-09-11 14:11:24 +03:00
.. code-block :: bash
2019-02-14 12:37:47 +03:00
# Accepts from https://app.foo.bar.com , https://api.foo.bar.com etc.
HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com"
2019-02-14 08:58:38 +03:00
2019-02-14 12:37:47 +03:00
# Accepts from https://app.foo.bar.com:8080 , http://api.foo.bar.com:8080,
# http://app.localhost, http://api.localhost, http://localhost:3000,
# http://example.com etc.
HASURA_GRAPHQL_CORS_DOMAIN="https://*.foo.bar.com:8080, http://* .localhost, http://localhost:3000, http://example.com"
2019-02-14 08:58:38 +03:00
2019-02-14 12:37:47 +03:00
# Accepts from all domain
HASURA_GRAPHQL_CORS_DOMAIN="*"
2019-02-14 08:58:38 +03:00
2019-02-14 12:37:47 +03:00
# Accepts only from http://example.com
HASURA_GRAPHQL_CORS_DOMAIN="http://example.com"
2019-02-14 08:58:38 +03:00
.. note ::
Top-level domains are not considered as part of wildcard domains. You
2019-09-11 10:17:14 +03:00
have to add them separately. E.g. `` https://*.foo.com `` doesn't include
2019-02-14 12:37:47 +03:00
`` https://foo.com `` .
2019-03-04 10:46:53 +03:00
You can tell Hasura to disable handling CORS entirely via the `` --disable-cors ``
flag. Hasura will not respond with CORS headers. You can use this option if
you're already handling CORS on a reverse proxy etc.
2019-05-16 10:45:29 +03:00
.. _console-assets-on-server:
2019-11-25 14:30:41 +03:00
Run console offline *(i.e load console assets from server instead of CDN)*
--------------------------------------------------------------------------
2019-05-16 10:45:29 +03:00
2019-11-25 14:30:41 +03:00
Normally the static assets (js, css, fonts, img etc.) required by the console are loaded from a CDN.
Starting with `` v1.0.0-beta.1 `` , these assets are bundled with the Docker image published by Hasura.
2019-05-16 10:45:29 +03:00
These files can be found at `` /srv/console-assets `` .
If you're working in an environment with Hasura running locally and have no
2019-11-25 14:30:41 +03:00
access to internet, you can configure the GraphQL engine to load assets from the
2019-09-11 10:17:14 +03:00
Docker image itself, instead of the CDN.
2019-05-16 10:45:29 +03:00
Set the following env var or flag on the server:
.. code-block :: bash
# env var
HASURA_GRAPHQL_CONSOLE_ASSETS_DIR=/srv/console-assets
# flag
--console-assets-dir=/srv/console-assets
2019-09-11 10:17:14 +03:00
Once the flag is set, all files in the `` /srv/console-assets `` directory of the
Docker image will be served at the `` /console/assets `` endpoint on the server with
2019-05-16 10:45:29 +03:00
the right content-type headers.
.. note ::
2019-09-11 10:17:14 +03:00
Hasura follows a rolling update pattern for console releases where assets for
2019-05-16 10:45:29 +03:00
a `` major.minor `` version is updated continuously across all patches. If
2019-09-11 10:17:14 +03:00
you're using the assets on the server with a Docker image, it might not be the latest
2019-05-16 10:45:29 +03:00
version of console.
2020-04-24 10:55:51 +03:00
2020-05-19 10:55:59 +03:00
.. _dev-mode:
2020-04-24 10:55:51 +03:00
2020-05-19 10:55:59 +03:00
Dev (debugging) mode
--------------------
2020-04-24 10:55:51 +03:00
The Hasura GraphQL engine may provide additional information for each object in the `` extensions `` key of `` errors `` .
The `` internal `` key contains error information including the
generated SQL statement and exception information from Postgres.
This can be highly useful, especially in the case of debugging errors in :doc: `action <../../actions/debugging>` requests.
By default the `` extensions `` key is not sent in the `` errors `` response. To enable this,
start the GraphQL engine server in debugging mode with the following configuration:
.. code-block :: bash
2020-05-19 10:55:59 +03:00
# env var
2020-04-24 10:55:51 +03:00
HASURA_GRAPHQL_DEV_MODE=true
2020-05-19 10:55:59 +03:00
# flag
--dev-mode
2020-04-24 10:55:51 +03:00
If you want the debugging mode enabled only for `` admin `` role requests, configure as follows instead of the above:
.. code-block :: bash
2020-05-19 10:55:59 +03:00
# env var
2020-04-24 10:55:51 +03:00
HASURA_GRAPHQL_ADMIN_INTERNAL_ERRORS=true
2020-05-19 10:55:59 +03:00
# flag
--admin-internal-errors
2020-04-24 10:55:51 +03:00
.. note ::
It is highly recommended to enable debugging only for the `` admin `` role in production.
2021-02-19 13:13:25 +03:00
2021-03-09 16:29:37 +03:00
.. _add-metadata-database:
2021-02-19 13:13:25 +03:00
Add a metadata database
-----------------------
The Hasura GraphQL engine when initialized, creates a schema called `` hdb_catalog `` in the Postgres database
and initializes a few tables under it. This schema and the internal tables are generally termed as the
`` metadata catalogue `` and is responsible to manage the internal state of the Hasura GraphQL engine.
By default, the `` metadata_catalogue `` is created inside the primary database provided by the user.
But sometimes it might be more advantageous to segregate the primary database and the metadata database.
Hasura GraphQL engine provides a way to the users to provide an entirely seperate Database to store the
`` metadata catalogue `` .
To add a metadata database, set the following environment variable or add the flag to the server executable
.. code-block :: bash
# env var
HASURA_GRAPHQL_METADATA_DATABASE_URL=postgres://<user>:<password> @<host>:<port> /<metadata-db-name>
# flag
--metadata-database-url=postgres://<user>:<password> @<host>:<port> /<metadata-db-name>
Different Scenarios:
~~~~~~~~~~~~~~~~~~~~
**1. Both the** `` primary database `` **and** `` metadata database `` **are provided to the server**
.. code-block :: bash
# env var
HASURA_GRAPHQL_METADATA_DATABASE_URL=postgres://<user>:<password> @<host>:<port> /<metadata-db-name>
HASURA_GRAPHQL_DATABASE_URL=postgres://<user>:<password> @<host>:<port> /<db-name>
# flag
--metadata-database-url=postgres://<user>:<password> @<host>:<port> /<metadata-db-name>
--database-url=postgres://<user>:<password> @<host>:<port> /<db-name>
In this case, Hasura GraphQL engine will use the `` HASURA_GRAPHQL_METADATA_DATABASE_URL `` to store the `` metadata catalogue `` and starts the server with the database provided in the `` HASURA_GRAPHQL_DATABASE_URL `` .
**2. Only** `` metadata database `` **is provided to the server**
.. code-block :: bash
# env var
HASURA_GRAPHQL_METADATA_DATABASE_URL=postgres://<user>:<password> @<host>:<port> /<metadata-db-name>
# flag
--metadata-database-url=postgres://<user>:<password> @<host>:<port> /<metadata-db-name>
In this case, Hasura GraphQL engine will use the `` HASURA_GRAPHQL_METADATA_DATABASE_URL `` to store the `` metadata catalogue `` and starts the server without tracking/managing any database. *i.e* a Hasura GraphQL server will be started with no database. The user could then manually track/manage databases at a later time.
**3. Only** `` primary database `` **is provided to the server**
.. code-block :: bash
# env var
HASURA_GRAPHQL_DATABASE_URL=postgres://<user>:<password> @<host>:<port> /<db-name>
# flag
--database-url=postgres://<user>:<password> @<host>:<port> /<db-name>
In this case, Hasura GraphQL engine server will start with the database provided in the `` HASURA_GRAPHQL_DATABASE_URL `` and will also use the *same database* to store the `` metadata catalogue `` .
**4. Neither** `` primary database `` **nor** `` metadata database `` **is provided to the server**
Hasura GraphQL engine will fail to startup and will throw an error
.. code-block :: bash
Fatal Error: Either of --metadata-database-url or --database-url option expected