stack:
graphql
nginx
docker-compose
request flow diagram
nginx config to allowlist request from other service by using their internal IP
server {
listen 7000;
allow 10.101.0.01;
# internal IP of service A
deny all;
location / {
proxy_pass http://api-project-B:7000;
# api-project-B is service name on docker-compose
# 7000 is port used by the application on api-project-B service
}
}
if your user service and gateway service on 1 instance, and you need internal-authorization header implemented on user service, you can deny access to the user graphql URL so the client can only access to user graphql through gateway
server {
listen 443 ssl http2;
location / {
proxy_pass http://api-gateway:5000;
}
# deny access to /user/graphql from client
location /user/graphql {
deny all;
}
}
Top comments (0)