mirror of
https://github.com/hasura/graphql-engine.git
synced 2024-12-24 07:52:14 +03:00
37 lines
1.1 KiB
ReStructuredText
37 lines
1.1 KiB
ReStructuredText
.. meta::
|
|
:description: Secure Hasura GraphQL endpoint with Docker deployment
|
|
:keywords: hasura, docs, deployment, docker, secure
|
|
|
|
.. _docker_secure:
|
|
|
|
Securing the GraphQL endpoint (Docker)
|
|
======================================
|
|
|
|
.. contents:: Table of contents
|
|
:backlinks: none
|
|
:depth: 1
|
|
:local:
|
|
|
|
To make sure that your GraphQL endpoint and the Hasura console are not publicly accessible, you need to
|
|
configure an admin secret key.
|
|
|
|
Run the Docker command with an admin-secret env var
|
|
---------------------------------------------------
|
|
|
|
.. code-block:: bash
|
|
:emphasize-lines: 5
|
|
|
|
#! /bin/bash
|
|
docker run -d -p 8080:8080 \
|
|
-e HASURA_GRAPHQL_DATABASE_URL=postgres://username:password@hostname:port/dbname \
|
|
-e HASURA_GRAPHQL_ENABLE_CONSOLE=true \
|
|
-e HASURA_GRAPHQL_ADMIN_SECRET=myadminsecretkey \
|
|
hasura/graphql-engine:latest
|
|
|
|
|
|
.. note::
|
|
|
|
The ``HASURA_GRAPHQL_ADMIN_SECRET`` should never be passed from the client to the Hasura GraphQL engine as it would
|
|
give the client full admin rights to your Hasura instance. See :ref:`auth` for information on
|
|
setting up authentication.
|