How do i connect to dgraph using the nodejs client via ssl?

scroobius-pip · September 9, 2020, 5:36am

I’m trying to connect my api service to the dgraph (slash) server.

I create the certificate files with:

dgraph cert
dgraph certs -n gas-person-5102.us-west-2.aws.cloud.dgraph.io:443
dgraph cert -c dgraphuser

This doesn’t work:

E0908 22:13:56.260000000  6708 ssl_transport_security.cc:1245] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.

i suspect i’m not creating the certificates the correct way, could someone help me with this ?

The address for the slash instance is gas-person-5102.us-west-2.aws.cloud.dgraph.io:443

The api service is hosted on zeit.

gja · September 9, 2020, 4:38am

@Anurag is currently working on better support in the various clients, so we should have a public PR in a few days.

In the meanwhile, your grpc endpoint is gas-person-5102.grpc.us-west-2.aws.cloud.dgraph.io:443 (note the extra grpc in the hostname).

You will have to do two things:

Use your system’s SSL CA pool
Pass the auth key to every request on the channel.

We have a python example here: https://dgraph.io/docs/slash-graphql/advanced-queries/ and an example with dgo here: https://github.com/dgraph-io/dgraph/blob/master/contrib/integration/bank/main.go#L327.

scroobius-pip · September 9, 2020, 7:52am

@gja Thanks for the help, sorry i’m not sure how to use my system’s ssl ca pool. Are there any tutorials you could point me to ?

scroobius-pip · September 15, 2020, 3:00pm

@Anurag Hi, how’s this going ?

marwan-at-work · September 15, 2020, 3:18pm

I am also trying to follow the Go example above (which btw only found it here as opposed to any official docs anywhere).

I end up with the following error:

rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp: address https://mogudev.grpc.us-west-2.aws.cloud.dgraph.io:443: too many colons in address"

If I remove the “:443” I get a different error:

rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp: lookup tcp///mogudev.grpc.us-west-2.aws.cloud.dgraph.io: nodename nor servname provided, or not known"

I know I’m doing something wrong somewhere, but it is a tad frustrating that I’ve spent the better part of a day just trying to configure a client connection

Thanks!

UPDATE: looks like I just needed to remove the scheme (https) from my URL.

Would love some official more clear docs on this especially on the Client Libraries page https://dgraph.io/docs/clients/

Anurag · September 25, 2020, 12:30am

@marwan-at-work Following PR (https://github.com/dgraph-io/dgo/pull/137) introduces an easier way to connect directly for gRPC requests;

graphQlEndpoint := "https://xxx.us-west-2.aws.cloud.dgraph.io/graphql"
apiKey := ""
dg, _ := dgo.DialSlashGraphQLEndpoint(graphQlEndpoint, apiKey)

marwan-at-work · September 16, 2020, 3:19pm

@Anurag that’s great. Thank you. Would love to see more docs on this so that people can find this function easier.

chewxy · September 17, 2020, 9:49pm

Yeah, I also just found it by using godoc.org instead of pkg.go.dev.

We will need to massively improve our docs.

gja · September 21, 2020, 1:23pm

Quick update: we’ve gotten support into Python and Golang. We’ve been struggling with node because I don’t think node-grpc supports system SSL certs for some reason. Hopefully more updates here soon

scroobius-pip · September 22, 2020, 11:07pm

Alright thanks, i’ll have to port my code to the dgraph-js-http library

Anurag · September 25, 2020, 12:30am

@scroobius-pip This PR https://github.com/dgraph-io/dgraph-js/pull/125 extends dgraph-js client. You can use

const clientStub = new dgraph.clientStubFromSlashGraphQLEndpoint(
  graphQlEndpoint,
  apiKey
);
const dgraphClient = new dgraph.DgraphClient(clientStub);

to connect directly to dgraph.