Gateway Configuration | wundergraph
Version: Next

Gateway Configuration

Introduction

All configuration files for the WunderGraph Gateway framework are stored in the same directory as the wundergraph binary. Each option is documented, so feel free to browse the configuration files to familiarize yourself with the options available to you.

All configuration options can be set via environment variable, or via config file. Environment variables take precedence over any fields set within the config file.

In a fresh WunderGraph installation, you will find a .env.example with some defaults. Feel free to copy it to .env and use it as a base to properly configure your WunderGraph Gateway.

All environment variables are prefixed with GATEWAY, which acts as a kind of namespace. If other services on the same machine define environment variables of their own, the gateway won't accidentally pick up settings meant for those services.

Configuration Reference

Gateway Runtime Configuration

GATEWAY_HTTP_PORT=8040
GATEWAY_LOG_LEVEL=info
GATEWAY_SECRET=${YOUR.GATEWAY.SECRET}
GATEWAY_AUTH__ISSUER_BASE=http://127.0.0.1:8040
GATEWAY_AUTH__DB_TYPE=etcd
GATEWAY_AUTH__DB_CONF__ENDPOINTS=etcd:2379

The WunderGraph Gateway can either run as a development or production gateway. You may obtain your GATEWAY_SECRET from https://console.wundergraph.com/wundernodes

GATEWAY_HTTP_PORT represents the listen port of the WunderGraph Gateway.

GATEWAY_LOG_LEVEL allows you to configure gateway logging verbosity. This is particularly useful for debugging purposes. Acceptable verbosity levels include:

  • info - Default
  • debug
  • fatal

Gateway TLS Configuration

Bring your own Certificates

If you are working in dev and don't have any certificates yet, you may create your own self-signed certificates using openssl as follows:

openssl req -nodes -new -x509 -keyout wundernode.key -out wundernode.crt -subj "/CN=localhost"

Feel free to edit your /etc/hosts file and use your own domain name, such as wundernode.development. In that case, change /CN=localhost to /CN=wundernode.development.

You will then need to tell WunderNode to start with TLS enabled and provide the paths of your key and certificate:

GATEWAY_HTTP_TLS__ENABLED=true
GATEWAY_HTTP_TLS__KEY_FILE=/foo/bar/baz/wundernode.key
GATEWAY_HTTP_TLS__CERT_FILE=/foo/bar/baz/wundernode.crt

Automatic Let's Encrypt

In production, you might want to take advantage of WunderNode's integration with Let's Encrypt for automatic TLS. To enable this, deploy your WunderNode and create a DNS entry pointing to the IP address of your node. Assuming the hostname of your WunderNode is wundernode.mycompay.io, you will need to modify or add the following in your .env file.

GATEWAY_HTTP_TLS__ENABLED=true
GATEWAY_HTTP_TLS__LETSENCRYPT_ENABLED=true
GATEWAY_HTTP_TLS__LETSENCRYPT_ALLOWED_HOSTS=wundernode.mycompay.io

Your WunderNode will cache any certificates inside etcd and will automatically handle renewal of the certificates.

Gateway Authentication Configuration

The WunderGraph Gateway can protect your apps using OpenID Connect. The Gateway uses OIDC to drive authentication for the apps it manages.

The Gateway federates to other identity providers through providers. This lets WunderGraph Gateway defer authentication to identity providers such as GitHub, Google, LinkedIn and any OIDC-compliant identity provider.

GATEWAY_AUTH__ISSUER_BASE

This is the base URL of your WunderGraph Gateway. For development purposes, it might be http://127.0.0.1:8080, but your production Gateway might be https://myawesomewundergraphgateway.io.

If you have 3 apps being hosted by your WunderGraph Gateway (Foo, Bar and Baz), then the OIDC issuers for each of these apps will become:

https://myawesomewundergraphgateway.io/Foo
https://myawesomewundergraphgateway.io/Bar
https://myawesomewundergraphgateway.io/Baz

Auth Database Configuration

GATEWAY_AUTH__DB_TYPE=etcd
GATEWAY_AUTH__DB_CONF__ENDPOINTS=10.0.0.1:2379 10.0.0.2:2379 10.0.0.3:2379
GATEWAY_AUTH__DB_CONF__USERNAME=foo
GATEWAY_AUTH__DB_CONF__PASSWORD=bar
GATEWAY_AUTH__DB_CONF__NAMESPACE=wg
GATEWAY_AUTH__DB_CONF__SSL__SERVER_NAME=myawesomewundergraphgateway.io
GATEWAY_AUTH__DB_CONF__SSL__CA_FILE=/certs/ca.pem
GATEWAY_AUTH__DB_CONF__SSL__KEY_FILE=/certs/key.pem
GATEWAY_AUTH__DB_CONF__SSL__CERT_FILE=/certs/cert.pem

At present, we only support etcd as the datastore. Any other value will be ignored for GATEWAY_AUTH__DB_TYPE.

GATEWAY_AUTH__DB_CONF__ENDPOINTS is a space-separated list of your etcd cluster endpoints. For a single-node cluster (e.g. a development environment), this value may be 127.0.0.1:2379.

The remainder of the config options should be self-explanatory.
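A pre-flight check for a gateway .env file, covering the variables documented on this page. This is an added example, not part of WunderGraph. The function names and the sample file are constructed, and it assumes that a missing GATEWAY_AUTH__DB_CONF__SSL__CA_FILE means the etcd connection is not using TLS.

```python
from urllib.parse import urlsplit

PREFIX = "GATEWAY_"  # per the page, only GATEWAY-prefixed variables are read
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_env(text):
    """Parse KEY=VALUE lines, keeping GATEWAY_ keys with the prefix stripped."""
    env = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.startswith(PREFIX):  # comments and foreign keys are skipped
            env[key[len(PREFIX):]] = value.strip().strip('"')
    return env

def audit(text):
    """Return a list of findings for the given .env content."""
    env, out = parse_env(text), []
    on = lambda k: env.get(k, "").lower() == "true"
    secret = env.get("SECRET", "")
    if not secret or secret.startswith("${"):
        out.append("GATEWAY_SECRET is unset or still the .env.example placeholder")
    if on("HTTP_TLS__ENABLED"):
        if on("HTTP_TLS__LETSENCRYPT_ENABLED"):
            if not env.get("HTTP_TLS__LETSENCRYPT_ALLOWED_HOSTS"):
                out.append("Let's Encrypt enabled without LETSENCRYPT_ALLOWED_HOSTS")
        elif not (env.get("HTTP_TLS__KEY_FILE") and env.get("HTTP_TLS__CERT_FILE")):
            out.append("TLS enabled but KEY_FILE and CERT_FILE are not both set")
    issuer = urlsplit(env.get("AUTH__ISSUER_BASE", ""))
    if issuer.scheme == "http" and issuer.hostname not in LOOPBACK:
        out.append("AUTH__ISSUER_BASE uses http:// on a non-loopback host")
    if "," in env.get("AUTH__DB_CONF__ENDPOINTS", ""):
        out.append("AUTH__DB_CONF__ENDPOINTS must be space separated, not comma separated")
    # Assumption: no SSL__CA_FILE means the etcd connection is not using TLS.
    if env.get("AUTH__DB_CONF__PASSWORD") and not env.get("AUTH__DB_CONF__SSL__CA_FILE"):
        out.append("etcd password set without AUTH__DB_CONF__SSL__CA_FILE")
    return out

# Constructed sample: a .env copied from the example and only partly edited.
SAMPLE = """\
GATEWAY_SECRET=${YOUR.GATEWAY.SECRET}
GATEWAY_HTTP_TLS__ENABLED=true
GATEWAY_HTTP_TLS__KEY_FILE=/foo/bar/baz/wundernode.key
GATEWAY_AUTH__ISSUER_BASE=http://gateway.example.test
GATEWAY_AUTH__DB_CONF__ENDPOINTS=10.0.0.1:2379,10.0.0.2:2379
GATEWAY_AUTH__DB_CONF__PASSWORD=bar
OTHER_SERVICE_SECRET=ignored
"""
if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```

Environment variables take precedence over the config file, so run the check against the values the process will actually see, not only the file on disk.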
