终止 SSL
大多数生产环境都使用负载均衡器或HTTP代理(如nginx)在环境中代表Web应用执行SSL终止。
如果您使用Apollo Server在需要进行自身SSL终止的应用程序中,可以使用带expressMiddleware函数的https模块。
以下是一个在生产中使用HTTPS,在开发中使用HTTP的示例
index.ts
import { ApolloServer } from '@apollo/server';import { expressMiddleware } from '@apollo/server/express4';import { ApolloServerPluginDrainHttpServer } from '@apollo/server/plugin/drainHttpServer';import typeDefs from './graphql/schema';import resolvers from './graphql/resolvers';import cors from 'cors';import express from 'express';import http from 'http';import https from 'https';import fs from 'fs';const configurations = {// Note: You may need sudo to run on port 443production: { ssl: true, port: 443, hostname: 'example.com' },development: { ssl: false, port: 4000, hostname: 'localhost' },};const environment = process.env.NODE_ENV || 'production';const config = configurations[environment];const server = new ApolloServer({typeDefs,resolvers,});await server.start();const app = express();// our express server is mounted at /graphqlapp.use('/graphql', cors<cors.CorsRequest>(), express.json(), expressMiddleware(server));// Create the HTTPS or HTTP server, per configurationlet httpServer;if (config.ssl) {// Assumes certificates are in a .ssl folder off of the package root.// Make sure these files are secured.httpServer = https.createServer({key: fs.readFileSync(`./ssl/${environment}/server.key`),cert: fs.readFileSync(`./ssl/${environment}/server.crt`),},app,);} else {httpServer = http.createServer(app);}await new Promise<void>((resolve) => httpServer.listen({ port: config.port }, resolve));console.log('🚀 Server ready at', `http${config.ssl ? 's' : ''}://${config.hostname}:${config.port}/graphql`);
index.js
import { ApolloServer } from '@apollo/server';import { expressMiddleware } from '@apollo/server/express4';import typeDefs from './graphql/schema';import resolvers from './graphql/resolvers';import cors from 'cors';import express from 'express';import http from 'http';import https from 'https';import fs from 'fs';const configurations = {// Note: You may need sudo to run on port 443production: { ssl: true, port: 443, hostname: 'example.com' },development: { ssl: false, port: 4000, hostname: 'localhost' },};const environment = process.env.NODE_ENV || 'production';const config = configurations[environment];const server = new ApolloServer({typeDefs,resolvers,});await server.start();const app = express();// our express server is mounted at /graphqlapp.use('/graphql', cors(), express.json(), expressMiddleware(server));// Create the HTTPS or HTTP server, per configurationlet httpServer;if (config.ssl) {// Assumes certificates are in a .ssl folder off of the package root.// Make sure these files are secured.httpServer = https.createServer({key: fs.readFileSync(`./ssl/${environment}/server.key`),cert: fs.readFileSync(`./ssl/${environment}/server.crt`),},app,);} else {httpServer = http.createServer(app);}await new Promise((resolve) => httpServer.listen({ port: config.port }, resolve));console.log('🚀 Server ready at', `http${config.ssl ? 's' : ''}://${config.hostname}:${config.port}/graphql`);