web gRPC + NGINX TLS configuration

I have a Node gRPC server and a web gRPC client (TS with Angular). I am using Nginx as a proxy to facilitate communication between them.

I don't know how to configure the web gRPC client (TS) with SSL. I tried using my current Nginx config and Node config with a Node gRPC client (not web gRPC). It worked in that case.

Node js config: Node Js Config

Script to generate certificates:

openssl genrsa -passout pass:1111 -des3 -out ca.key 4096

openssl req -passin pass:1111 -new -x509 -days 365 -key ca.key -out ca.crt -subj  "/C=CL/ST=RM/L=Santiago/O=Test/OU=Test/CN=ca"

openssl genrsa -passout pass:1111 -des3 -out server.key 4096

openssl req -passin pass:1111 -new -key server.key -out server.csr -subj  "/C=CL/ST=RM/L=Santiago/O=Test/OU=Server/CN=dev"

openssl x509 -req -passin pass:1111 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

openssl rsa -passin pass:1111 -in server.key -out server.key

openssl genrsa -passout pass:1111 -des3 -out client.key 4096

openssl req -passin pass:1111 -new -key client.key -out client.csr -subj  "/C=CL/ST=RM/L=Santiago/O=Test/OU=Client/CN=dev"

openssl x509 -passin pass:1111 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

openssl rsa -passin pass:1111 -in client.key -out client.key

In the above code, in CN=dev, dev is the DNS entry in my server's etc/hosts file pointing to the server's own address.

Nginx config:

server {
    listen 10002 ssl http2;
    # listen 10002 http2;
    # include snippets/self-signed.conf;
    #  include snippets/ssl-params.conf;

    ssl_certificate     certs/client.crt;
    ssl_certificate_key certs/client.key;

    if ($request_method = OPTIONS) {
        return 204;
    }

    add_header 'Access-Control-Allow-Origin' "$http_origin" always;
    add_header Access-Control-Max-Age 3600;
    add_header Access-Control-Expose-Headers Content-Length;
    add_header Access-Control-Allow-Headers Range;
    add_header Access-Control-Allow-Headers x-user-agent;
    add_header Access-Control-Allow-Headers x-grpc-web;
    add_header Access-Control-Allow-Headers content-type;

    grpc_ssl_certificate certs/client.crt;
    grpc_ssl_certificate_key certs/client.key;
    grpc_ssl_trusted_certificate certs/ca.crt;
    grpc_ssl_name ace-dev;
    grpc_ssl_server_name on;    

    # location /Forms.Forms/getExistingForms{
    #   grpc_pass grpcs://backend;
    # };

    location / {
         grpc_pass grpcs://192.168.1.59:50051;
    } 
    #ssl_certificate     ssl/cert.pem;
    #ssl_certificate_key ssl/key.pem;
    #...
}

Now, the web gRPC portion (Not working, gives handshake error, no proper documentation on how to do it, so tried looking at this and grpcWeb source code and assumed it would go this way): web gRPC TLS config

This is all I have right now. Any help would be appreciated.

Nginx is no longer being actively supported for grpc-web. Nginx, out of the box, doesn't understand grpc-web requests. The default proxy that supports grpc-web is Envoy. You can look up how to configure Envoy in their documentation.
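
What a grpc-web-aware proxy has to translate, as an added example (not code from this thread or from the grpc-web project): a binary grpc-web response carries its trailers as a final length-prefixed frame flagged 0x80 inside the body, where native gRPC sends them as HTTP/2 trailers. The function names and sample bytes are constructed for illustration, and only the binary `application/grpc-web` encoding is covered, not the base64 `grpc-web-text` one.

```javascript
// Added example: split a binary grpc-web response body into message frames
// and the in-body trailers frame. Names and sample data are constructed.
const TRAILERS = 0x80; // flag bit: this frame carries trailers, not a message

// Build one frame: 1 flag byte + 4-byte big-endian length + payload.
function frame(flags, payload) {
  const out = Buffer.alloc(5 + payload.length);
  out.writeUInt8(flags, 0);
  out.writeUInt32BE(payload.length, 1);
  Buffer.from(payload).copy(out, 5);
  return out;
}

function parseGrpcWebBody(body) {
  const messages = [];
  const trailers = {};
  let off = 0;
  while (off < body.length) {
    if (body.length - off < 5) throw new Error('truncated frame header');
    const flags = body.readUInt8(off);
    const len = body.readUInt32BE(off + 1);
    const end = off + 5 + len;
    if (end > body.length) throw new Error('truncated frame payload');
    const payload = body.subarray(off + 5, end);
    if (flags & TRAILERS) {
      // Trailers are an HTTP/1-style header block: "name: value\r\n".
      for (const line of payload.toString('latin1').split('\r\n')) {
        const i = line.indexOf(':');
        if (i > 0) {
          trailers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
        }
      }
    } else {
      messages.push(payload); // serialized protobuf message, left undecoded
    }
    off = end;
  }
  return { messages, trailers };
}

// Constructed sample: one 3-byte message followed by the trailers frame.
const sampleBody = Buffer.concat([
  frame(0x00, Buffer.from([0x0a, 0x01, 0x41])),
  frame(TRAILERS, Buffer.from('grpc-status: 0\r\ngrpc-message: OK\r\n')),
]);
const parsed = parseGrpcWebBody(sampleBody);
console.log(parsed.messages.length, parsed.trailers);
```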
