Apollo Gateway local dev with self-signed certificates

chrisrhymes · February 4, 2022, 2:56pm

Hello, I’ve followed the instructions to generate a supergraph.graphql file using rover. To do this locally I had to use the --insecure-accept-invalid-certs setting as my dev server has self signed certificates.

When it comes to creating the gateway using the supergraph.graphql file, I get the following error.

graphQLErrors: [
    {
      message: 'request to https://mysite.localhost/graphql failed, reason: self signed certificate',
      extensions: [Object]
    }
  ],

Is there a config option I can pass to ApolloGateway and/or ApolloServer’s constructor when doing local development to avoid the issue with self-signed certificates? I have already tried setting NODE_TLS_REJECT_UNAUTHORIZED=0 in my .env.local but it seems this is ignored.

const supergraphSdl = readFileSync('./supergraph.graphql').toString();

const gateway = new ApolloGateway({
  supergraphSdl,
});

const apolloServer = new ApolloServer({
  gateway,
});

Thanks!

Cohen_Karnell · March 25, 2022, 5:58pm

Hi, I’m also having this exact same problem and am having trouble getting passed it. Did you learn anything new here?

chrisrhymes · March 25, 2022, 6:34pm

Hello, I did not manage to make any progress on this issue and had to give up as I couldn’t get it to work.

pkunw · April 5, 2022, 6:03pm

Hi,

I’m having the exact same problem, did you try any other alternative or anything else worked for you?

Thanks!

rsarangu · April 26, 2022, 4:22pm

Hi,

I’m running into the same problem, were you able to fix it?

Thanks,

filu · May 18, 2022, 6:29am

Federation 2 uses ‘make-fetch-happen’ which is by default using strict SSL.
As workaround for local development you can create a custom datasource that sets the default options like that:

import { RemoteGraphQLDataSource } from '@apollo/gateway';
import * as fetcher from 'make-fetch-happen';
export class CustomDataSource extends RemoteGraphQLDataSource {
  constructor(config: any) {
    super(config);
      this.fetcher = fetcher.defaults({
        maxSockets: Infinity,
        strictSSL: false,
        retry: false,
    });
  }
}

About custom datasources read this: The graph router - Apollo GraphQL Docs

nolin · August 31, 2022, 7:49pm

Has there been any movement on this issue? I’m having the same issue locally

JB_Apollo · November 28, 2022, 12:30am

For anyone stumbling across this like I did, here’s the solution I found:

I’m not sure how much location matters on this, but I put the following line just before calling new ApolloServer

process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = process.env.NODE_ENV === 'development' ? '0' : '';
const server = new ApolloServer({...stuff});
export default startServerAndCreateNextHandler(server);

For context, I’m running a Nextjs app, doing GQL through the Next API with Apollo server, and a separate .NET REST API running locally with a self signed cert. The startServerAndCreateNextHandler bit might not apply to you.

This isn’t an Apollo specific fix. It has to do with node.js and the https module.

Topic		Replies	Views
Apollo federation - self signed certificate in certificate chain error with subgraph Help federation	2	1193	April 27, 2022
Apollo Router local dev with self-signed certificates on subgraphs Help federation , router	0	439	January 9, 2023
Local Development with Managed Federation and Many Subgraphs Help server , federation	6	1282	August 31, 2022
Setting up Apollo Router local Help federation , rover , router	2	557	July 17, 2022
ApolloGateway do not query Subgraph Help federation	1	422	January 3, 2023

Apollo Gateway local dev with self-signed certificates

Related topics