DEV Community

ADITYA OKKE SUGIARSO
ADITYA OKKE SUGIARSO

Posted on

How to secure internal-authorization header

stack:
graphql
nginx
docker-compose

request flow diagram

Image description

nginx config to allowlist request from other service by using their internal IP

server {
    listen 7000;
    allow 10.101.0.01;
    # internal IP of service A
    deny all;


    location / {
        proxy_pass http://api-project-B:7000;
        # api-project-B is service name on docker-compose
        # 7000 is port used by the application on api-project-B service
    }
}
Enter fullscreen mode Exit fullscreen mode

if your user service and gateway service on 1 instance, and you need internal-authorization header implemented on user service, you can deny access to the user graphql URL so the client can only access to user graphql through gateway

server {
    listen 443 ssl http2;

    location / {
        proxy_pass http://api-gateway:5000;
    }
    # deny access to /user/graphql from client
    location /user/graphql {
        deny all;
    }
}
Enter fullscreen mode Exit fullscreen mode

Top comments (0)

Read next

mario_beani profile image

Threads: Como definir e limitar a execução visando a performance?

Mario Beani -

themewagon profile image

20+ Most Frequently Asked Questions Answered: Material UI

ThemeWagon -

joshthebtc profile image

🚀💥📈 Dogecoin Unleashes 157% Weekly Boom As Musk-Trump Buzz Builds

Josh Altons -

siisee11 profile image

Langgraph - Human In the Loop

Jaeyoun Nam -