This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Head's Up! These forums are read-only. All users and content have migrated. Please join us at community.neo4j.com.

Why does my graphql server need to be open to the internet to work?

anorman
Node

‎06-11-2022 09:52 AM

I am quite perplexed and actually a bit concerned here.. 

I built a grandstack application.  The system consists of 3 physical servers, one for the webserver, one for the neo4j database server and a third machine is the graphql/apollo server.

The physical network looks like

(neo4j) - (apollo/graphql) - (web)

The neo4j & Apollo servers are not directly accessible from the internet (I can poke a hole in the firewall for them to be, but that defeats the purpose)

The webserver of course is internet public

And the apollo/graphql server has a hole poked in it so only the webserver machine at the correct TCP port can access the service. 

When I gave out the web address for people to test it, they said the website doesn't work. I checked, and sure enough their computers were attempting to access the graphql/apollo server directly??

Am I fundamentally misunderstanding something here? Why would a web client need direct access to my graphql/apollo server? If this is the case, and this behavior cannot be changed, graphql just went out the window and I'll go back to plain on REST API's as I want the added security of those machines NOT being accessible from the internet!

Thanks in advance,

 

Andre

0 Kudos
Reply
1 REPLY 1

michael_hunger
Neo4j
Neo4j

‎06-16-2022 11:55 AM

Something is wrong with your setup there. The users should not have access to the graphql server.

The web server (implementation, not the webpage) would access the Graphql API.

You _can_ have the webpage access the graphql api, much like every other website does (like twitter, github etc), that's fine too for the right shape of API served by the graphql api.

 

0 Kudos
Reply
Nodes 2022
Nodes
NODES 2022, Neo4j Online Education Summit

All the sessions of the conference are now available online

Watch replays