Enable HTTPS

Setting up HTTPS

Hasura GraphQL engine does not handle SSL/TLS for your API. That means, Hasura GraphQL engine cannot serve your API on an HTTPS URL.

You should use a reverse proxy (like Nginx, Caddy, Kong, Traefik etc.) or the cloud provider’s native load balancer SSL termination features to secure your API.

Sample configurations

Here are a few sample configurations for some popular proxies:

Nginx

Here is a sample nginx.conf to proxy requests to Hasura:

server {
  listen 80;
  server_name hasura.my-domain.com;

  location / {
    proxy_pass http://localhost:8080/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
}

Please note that setting up SSL is not covered in this guide. You can find more information at Nginx docs.

To serve Hasura with a URL prefix instead of a separate subdomain, use location /hasura/ or similar.

Caddy

Here is a sample Caddyfile to proxy requests to Hasura:

hasura.my-domain.com {
  proxy / http://localhost:8080
  websocket
}

The sample Caddyfile for Caddy 2:

hasura.my-domain.com {
  reverse_proxy localhost:8080
}

Caddy has SSL provisioning built-in with Let’s Encrypt. You can find the docs at Caddy website.

In order to serve at a URL prefix, use the following configuration:

my-domain.com {
  proxy /hasura http://localhost:8080
  websocket
  without /hasura
}