0

I have a backend service that I want to expose via grpc-web.

I'm able to use the service directly via the public IP of the ec2 instance. But when I try to access it via the invocation URL of API Gateway I get a CORS error.

I want to add JWT authentication that's why I want to expose the API via API-Gateway.

Here is my configuration:

Envoy.yml


admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 0.0.0.0, port_value: 9901 }

static_resources:
  listeners:
    - name: listener_sim
      address:
        socket_address: { address: 0.0.0.0, port_value: 8080 }
      filter_chains:
        - filters:
          - name: envoy.filters.network.http_connection_manager
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
              codec_type: auto
              stat_prefix: ingress_http
              route_config:
                name: local_route
                virtual_hosts:
                  - name: local_service
                    domains: ["*"]
                    routes:
                      - match: { prefix: "/" }
                        route:
                          cluster: rtdxc_service
                          timeout: 0s
                          max_stream_duration:
                            grpc_timeout_header_max: 0s
                    cors:
                      allow_origin_string_match:
                        - prefix: "*"
                      allow_methods: GET, PUT, DELETE, POST, OPTIONS
                      allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,custom-header-1,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout
                      max_age: "1728000"
                      expose_headers: grpc-status,grpc-message
              http_filters:
                - name: envoy.filters.http.grpc_web
                  typed_config:
                    "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
                - name: envoy.filters.http.cors
                  typed_config:
                    "@type": type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors
                - name: envoy.filters.http.router
                  typed_config:
                    "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
  clusters:
    - name: grpc_server
      connect_timeout: 0.25s
      type: logical_dns
      http2_protocol_options: {}
      lb_policy: round_robin
      load_assignment:
        cluster_name: rtdxc_0
        endpoints:
          - lb_endpoints:
            - endpoint:
                address:
                  socket_address:
                    address: grpc_server
                    port_value: 8081

Here is my docker-compose.yml

version: '3.8'

services:

  grpc_server:
    image: XXXXXX
    user: ${UID}:${GID}
    ports:
      - 8081:8081
    tty: true

  
  proxy: 
    ports:
        - 9091:9091
        - 8080:8080
    image: envoyproxy/envoy:v1.22.0
    volumes:
        - ./envoy/envoy.yml:/etc/envoy/envoy.yaml:ro
    tty:
      true

I have mapped API gateway with the following configuration:

ANY / mappes to the public domain of the ec2 instance on port 8080

If I add CORS configuration in the API Gateway , The OPTION request returns 204 with propper cors headers, but POST request does not return proper headers. If I disable CORS configuration in the API gateway, the OPTIONS request also fails due to CORS issue.

Voneone
  • 21
  • 4
  • If you have a better alternative on how to deploy grpc-web and also add authentication via some AWS service ( lambda ? ) please mention it. – Voneone Feb 16 '23 at 10:18

0 Answers0