web gRPC + NGINX TLS configuration

Question

I have a Node gRPC server and an web gRPC client (TS with Angular). I am using Nginx as a proxy to facilitate communication between them.

I don't know how to configure the web gRPC client (TS) with SSL. I tried using my current Nginx config and Node config with a Node gRPC client (not web gRPC). It worked in that case.

Node js config: Node Js Config

Script to generate certificates:

openssl genrsa -passout pass:1111 -des3 -out ca.key 4096

openssl req -passin pass:1111 -new -x509 -days 365 -key ca.key -out ca.crt -subj  "/C=CL/ST=RM/L=Santiago/O=Test/OU=Test/CN=ca"

openssl genrsa -passout pass:1111 -des3 -out server.key 4096

openssl req -passin pass:1111 -new -key server.key -out server.csr -subj  "/C=CL/ST=RM/L=Santiago/O=Test/OU=Server/CN=dev"

openssl x509 -req -passin pass:1111 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

openssl rsa -passin pass:1111 -in server.key -out server.key

openssl genrsa -passout pass:1111 -des3 -out client.key 4096

openssl req -passin pass:1111 -new -key client.key -out client.csr -subj  "/C=CL/ST=RM/L=Santiago/O=Test/OU=Client/CN=dev"

openssl x509 -passin pass:1111 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

openssl rsa -passin pass:1111 -in client.key -out client.key

On the above code, in CN=dev, dev is the DNS entry in my server's etc/hosts file pointing to server's own address.

Nginx config:

server {
    listen 10002 ssl http2;
    # listen 10002 http2;
    # include snippets/self-signed.conf;
    #  include snippets/ssl-params.conf;

    ssl_certificate     certs/client.crt;
    ssl_certificate_key certs/client.key;

    if ($request_method = OPTIONS) {
        return 204;
    }

    add_header 'Access-Control-Allow-Origin' "$http_origin" always;
    add_header Access-Control-Max-Age 3600;
    add_header Access-Control-Expose-Headers Content-Length;
    add_header Access-Control-Allow-Headers Range;
    add_header Access-Control-Allow-Headers x-user-agent;
    add_header Access-Control-Allow-Headers x-grpc-web;
    add_header Access-Control-Allow-Headers content-type;

    grpc_ssl_certificate certs/client.crt;
    grpc_ssl_certificate_key certs/client.key;
    grpc_ssl_trusted_certificate certs/ca.crt;
    grpc_ssl_name ace-dev;
    grpc_ssl_server_name on;    

    # location /Forms.Forms/getExistingForms{
    #   grpc_pass grpcs://backend;
    # };

    location / {
         grpc_pass grpcs://192.168.1.59:50051;
    } 
    #ssl_certificate     ssl/cert.pem;
    #ssl_certificate_key ssl/key.pem;
    #...
}

Now,the web gRPC portion (Not working gives handshake error, no proper documentation how to do it, so tried looking at this and grpcWeb source code and assumed it would go this way) : web gRPC TLS config

This is all I have right now. Any help would be appreciated.

score 1 · Accepted Answer · answered May 06 '20 at 18:05

1

Nginx is no longer being actively supported for grpc-web. Nginx, out of the box, doesn't understand grpc-web request. The default proxy that supports grpc-web is Envoy. You can look up how to configure Envoy with their documentations.

answered May 06 '20 at 18:05

Stanley Cheung

347
1
3

web gRPC + NGINX TLS configuration

1 Answers1

Linked