Apollo Gateway local dev with self-signed certificates

chrisrhymes · February 4, 2022, 2:56pm

Hello, I’ve followed the instructions to generate a supergraph.graphql file using rover. To do this locally I had to use the --insecure-accept-invalid-certs setting as my dev server has self signed certificates.

When it comes to creating the gateway using the supergraph.graphql file, I get the following error.

graphQLErrors: [
    {
      message: 'request to https://mysite.localhost/graphql failed, reason: self signed certificate',
      extensions: [Object]
    }
  ],

Is there a config option I can pass to ApolloGateway and/or ApolloServer’s constructor when doing local development to avoid the issue with self-signed certificates? I have already tried setting NODE_TLS_REJECT_UNAUTHORIZED=0 in my .env.local but it seems this is ignored.

const supergraphSdl = readFileSync('./supergraph.graphql').toString();

const gateway = new ApolloGateway({
  supergraphSdl,
});

const apolloServer = new ApolloServer({
  gateway,
});

Thanks!

Cohen_Karnell · March 25, 2022, 5:58pm

Hi, I’m also having this exact same problem and am having trouble getting passed it. Did you learn anything new here?

chrisrhymes · March 25, 2022, 6:34pm

Hello, I did not manage to make any progress on this issue and had to give up as I couldn’t get it to work.

pkunw · April 5, 2022, 6:03pm

Hi,

I’m having the exact same problem, did you try any other alternative or anything else worked for you?

Thanks!

rsarangu · April 26, 2022, 4:22pm

Hi,

I’m running into the same problem, were you able to fix it?

Thanks,

filu · May 18, 2022, 6:29am

Federation 2 uses ‘make-fetch-happen’ which is by default using strict SSL.
As workaround for local development you can create a custom datasource that sets the default options like that:

import { RemoteGraphQLDataSource } from '@apollo/gateway';
import * as fetcher from 'make-fetch-happen';
export class CustomDataSource extends RemoteGraphQLDataSource {
  constructor(config: any) {
    super(config);
      this.fetcher = fetcher.defaults({
        maxSockets: Infinity,
        strictSSL: false,
        retry: false,
    });
  }
}

About custom datasources read this: The graph router - Apollo GraphQL Docs

nolin · August 31, 2022, 7:49pm

Has there been any movement on this issue? I’m having the same issue locally

JB_Apollo · November 28, 2022, 12:30am

For anyone stumbling across this like I did, here’s the solution I found:

I’m not sure how much location matters on this, but I put the following line just before calling new ApolloServer

process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = process.env.NODE_ENV === 'development' ? '0' : '';
const server = new ApolloServer({...stuff});
export default startServerAndCreateNextHandler(server);

For context, I’m running a Nextjs app, doing GQL through the Next API with Apollo server, and a separate .NET REST API running locally with a self signed cert. The startServerAndCreateNextHandler bit might not apply to you.

This isn’t an Apollo specific fix. It has to do with node.js and the https module.