grpc_pass and proxy_pass setting up on one nginx conf

Posted by maktoob 
January 30, 2021 04:25AM
Hi there,

1. Can we use grpc for accessing the website also (securely with https)?
I am trying to configure Percona's PMM server with a proxy using nginx. The setup is: client <--> proxy server configured with nginx <--> PMM server. Using the nginx conf below, I am able to get the pmm to work, but the grafana doesn't work at the same time. So I need to configure it with a different port instead of 443. I am giving the diagram as an attachment.

For data exchange:

------------------------------
server {
    listen 443 ssl http2;

    server_name proxy_domain.com;

    ssl_certificate /etc/nginx/certificates/cert.crt;
    ssl_certificate_key /etc/nginx/certificates/cert.key;
    ssl_session_cache shared:SSL:10m;

    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    location / {
        grpc_pass grpcs://pmm_server_IP:443;
    }
}

-----------------------------------
For grafana :

server {
    listen 9116 ssl http2;

    server_name proxy_domain.com;

    ssl_certificate /etc/nginx/certificates/cert.crt;
    ssl_certificate_key /etc/nginx/certificates/cert.key;
    ssl_session_cache shared:SSL:10m;

    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass https://pmm_server_IP/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}

---------------------------------------------------


2. I want to get the grafana and the data exchange on port 443. So I tried setting up grpc_pass and proxy_pass in one nginx conf. But it conflicts, since I need to use the same location (/). I also tried to set up different configs with grpc_pass and proxy_pass in them. But since the server_name (proxy_domain.com) is the same, it conflicts again.

What can I do to fix this?
a) Is there a chance that I can use grpc_pass and proxy_pass for the same location?
b) Or can I call a webpage by grpc_pass without using proxy_pass?

The main point is that I need to use a secure connection. I am giving the latest conf I am trying, but it is giving me a 502 error with error logs.

---------------------------------------
server {
    listen 443 ssl http2;

    server_name proxy_domain.com;

    ssl_certificate /etc/nginx/certificates/cert.crt;
    ssl_certificate_key /etc/nginx/certificates/cert.key;
    ssl_session_cache shared:SSL:10m;

    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    location / {
        grpc_pass grpcs://pmm_server_IP:443;

        grpc_ssl_certificate /etc/nginx/grpc-certs/server-cert.pem;
        grpc_ssl_certificate_key /etc/nginx/grpc-certs/server-key.pem;
        grpc_ssl_trusted_certificate /etc/nginx/grpc-certs/certca.pem;

        grpc_ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        grpc_ssl_name aspen.veerotech.net;
        grpc_ssl_verify on;
    }
}
-----------------------

I have my domain's wildcard SSL certificate, which works correctly when I configure the setup using proxy_pass.

In my previous configurations, the error was that when I call the webpage (grafana) via 443 with grpc_pass, either I am redirected to the backend server IP (pmm_server_IP) or I am told the SSL certificate is not valid. But the same certs work with the proxy_pass configuration.

Any thoughts on it?

https://www.nginx.com/blog/nginx-1-13-10-grpc/#:~:text=gRPC%20is%20a%20remote%20procedure,request%E2%80%91response%20and%20streaming%20interactions.

Here I can only find grpcs being set up with a Go app. There is no mention of the config when the data exchange is between two nginx configs/servers.
Attachments: Screenshot_571.jpg (70.3 KB)
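
One way to serve both kinds of traffic from a single `location /` on port 443 is to branch on the request's Content-Type, with upstream certificate verification enabled for both handlers. This is an added example, not part of the original post and not Percona's own configuration; `pmm.example.internal` is an assumed placeholder for the name on the PMM server's certificate, and the CA path reuses the one shown in the post.

```nginx
# Added example: gRPC and HTTPS behind one server block on 443.
# Assumptions: pmm.example.internal is a placeholder certificate name;
# certca.pem is the CA that signed the PMM server's certificate.
server {
    listen 443 ssl http2;
    server_name proxy_domain.com;

    ssl_certificate     /etc/nginx/certificates/cert.crt;
    ssl_certificate_key /etc/nginx/certificates/cert.key;
    ssl_session_cache   shared:SSL:10m;
    ssl_protocols       TLSv1.2;

    # Verify the upstream certificate for the gRPC handler.
    grpc_ssl_verify              on;
    grpc_ssl_trusted_certificate /etc/nginx/grpc-certs/certca.pem;
    grpc_ssl_name                pmm.example.internal;
    grpc_ssl_server_name         on;

    # Same verification for the plain HTTPS handler.
    proxy_ssl_verify              on;
    proxy_ssl_trusted_certificate /etc/nginx/grpc-certs/certca.pem;
    proxy_ssl_name                pmm.example.internal;
    proxy_ssl_server_name         on;

    location / {
        # gRPC requests carry Content-Type: application/grpc, optionally
        # with a +proto or +json suffix; browser requests for the UI do not.
        if ($content_type ~ "^application/grpc") {
            grpc_pass grpcs://pmm_server_IP:443;
        }

        # Everything else is proxied as ordinary HTTPS (web UI, WebSocket).
        proxy_pass         https://pmm_server_IP;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade           $http_upgrade;
        proxy_set_header   Connection        "upgrade";
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}
```

Running `nginx -t` checks the syntax before a reload. With verification on, an upstream certificate that does not match the configured name surfaces as a 502 with an upstream SSL error in the error log.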