DEV Community

ADITYA OKKE SUGIARSO
ADITYA OKKE SUGIARSO

Posted on

How to secure internal-authorization header

stack:
graphql
nginx
docker-compose

request flow diagram

Image description

nginx config to allowlist request from other service by using their internal IP



server {
    listen 7000;
    allow 10.101.0.01;
    # internal IP of service A
    deny all;


    location / {
        proxy_pass http://api-project-B:7000;
        # api-project-B is service name on docker-compose
        # 7000 is port used by the application on api-project-B service
    }
}
Enter fullscreen mode Exit fullscreen mode

if your user service and gateway service on 1 instance, and you need internal-authorization header implemented on user service, you can deny access to the user graphql URL so the client can only access to user graphql through gateway



server {
    listen 443 ssl http2;

    location / {
        proxy_pass http://api-gateway:5000;
    }
    # deny access to /user/graphql from client
    location /user/graphql {
        deny all;
    }
}
Enter fullscreen mode Exit fullscreen mode

Top comments (0)

Read next

afiya_shafiq_54fda8d136b4 profile image

How do you keep abreast of the newest technology trends and tools?

Afiya Shafiq -

shivam_agnihotri profile image

The Future of DevOps – Beyond Automation to Data, AI, and Intelligent Observability : Day 50 of 50 days DevOps Tools Series

Shivam Agnihotri -

rexgopher profile image

Mastering Your macOS iCloud Drive with PARA and Smart Folders

Rajat Singh -

camilaferreiranas profile image

jUnit - Testes unitários em Java

Camila Ferreira -