Is port 443 working for gRPC running behind nginx?

I set up a test environment that places docker and nginx in front of a grpc server. Below are my configurations.

docker-compose

version: '3.8'
services:
    web:
        build: .
        command: gunicorn --timeout 100 --workers 2 --threads 4 django_root.wsgi:application --bind 0.0.0.0:8000
        volumes:
            - static_volume:/public/django_root/static
        expose: 
            - 8000
        env_file: 
            - ./.env.dev
    grpc:
        build: .
        command: python manage.py grpcrunserver 0.0.0.0:50051
        env_file: 
            - ./.env.dev
    nginx:
        build:
          context: ./nginx
          dockerfile: Dockerfile-secure
        volumes:
            - static_volume:/public/django_root/static
        ports:
            - 1337:80
            - 443:50052
        depends_on: 
            - web
            - grpc
volumes: 
    static_volume:

Dockerfile-secure

FROM nginx:1.19.0-alpine

RUN rm /etc/nginx/conf.d/default.conf
COPY nginx-secure.conf /etc/nginx/conf.d

nginx-secure.conf

upstream django_root {
    server web:8000;
}

server {

    listen 80;

    location / {
        proxy_pass http://django_root;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
    }

    location /static/ {
        alias /public/django_root/static/;
    }

}

log_format compression '$remote_addr - $remote_user [$time_local] '
                           '"$request" $status $body_bytes_sent '
                           '"$http_referer" "$http_user_agent" "$gzip_ratio"';

server {
    listen 50052 ssl http2;

    ssl_certificate /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;

    access_log /var/log/nginx/a.log;
    error_log /var/log/nginx/e.log;

    location / {
        grpc_pass grpc://grpc:50051;
    }
}

The problem I hit is that port 443 is not working as I set it up above in the docker-compose file, but if I replace it with 8443, then my client can talk with the grpc server. The error I can see from my client for the port 443 use case is below:

E0211 15:08:05.178000000 22572 src/core/tsi/ssl_transport_security.cc:1439] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.

I use a self-signed certificate for this test environment on localhost; could this be the problem? I do not see 443 being disallowed for this case on either the nginx site or the docker site. I need help on this, and in case 443 is not allowed for this case, please refer me to the document.

Turns out it's the certificate itself. Replacing the self-signed certificate with a Let's Encrypt one and deploying to AWS makes port 443 work.
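An added diagnostic example, not part of the original question or answer: the client log above reports CERTIFICATE_VERIFY_FAILED, which is a trust failure rather than a blocked port, and a probe like the one below separates the two cases using only Python's standard `ssl` module. The function name `probe_tls`, the host `localhost` and the local file `server.crt` are assumptions.

```python
import socket
import ssl


def probe_tls(host, port, cafile=None, server_name=None, timeout=3.0):
    """Report the stage at which a TLS client connection fails.

    Returns (stage, detail) where stage is one of:
      "tcp"    - the port is not reachable at all
      "verify" - TCP works, but certificate verification failed
      "tls"    - TCP works, but the handshake failed for another reason
      "ok"     - handshake and verification succeeded
    """
    # With cafile=None the system trust store is used; passing the server's
    # self-signed certificate as cafile makes it the only trusted root.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.set_alpn_protocols(["h2"])  # gRPC runs over HTTP/2
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"cannot connect: {exc}")
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
            return ("ok", f"{tls.version()}, ALPN={tls.selected_alpn_protocol()}")
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, self-signed certificate, expiry or hostname mismatch
        return ("verify", f"{exc.verify_message} (code {exc.verify_code})")
    except (ssl.SSLError, OSError) as exc:
        return ("tls", f"handshake failed: {exc}")


if __name__ == "__main__":
    # Assumed values: nginx published on localhost:443 and a local copy of
    # the certificate that nginx serves, saved as server.crt.
    print(probe_tls("localhost", 443))                       # system trust store
    print(probe_tls("localhost", 443, cafile="server.crt"))  # trust this cert only
```

A "verify" result on a reachable port points at the certificate or the client's trust configuration, not at the port mapping.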
