
Is port 443 working for gRPC running behind nginx?

I set up a test environment that places Docker and nginx in front of the gRPC server. Below are my configurations.

docker-compose

version: '3.8'
services:
    web:
        build: .
        command: gunicorn --timeout 100 --workers 2 --threads 4 django_root.wsgi:application --bind 0.0.0.0:8000
        volumes:
            - static_volume:/public/django_root/static
        expose: 
            - 8000
        env_file: 
            - ./.env.dev
    grpc:
        build: .
        command: python manage.py grpcrunserver 0.0.0.0:50051
        env_file: 
            - ./.env.dev
    nginx:
        build:
          context: ./nginx
          dockerfile: Dockerfile-secure
        volumes:
            - static_volume:/public/django_root/static
        ports:
            - 1337:80
            - 443:50052
        depends_on: 
            - web
            - grpc
volumes: 
    static_volume:

Dockerfile-secure

FROM nginx:1.19.0-alpine

RUN rm /etc/nginx/conf.d/default.conf
COPY nginx-secure.conf /etc/nginx/conf.d

nginx-secure.conf

upstream django_root {
    server web:8000;
}

server {

    listen 80;

    location / {
        proxy_pass http://django_root;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
    }

    location /static/ {
        alias /public/django_root/static/;
    }

}

log_format compression '$remote_addr - $remote_user [$time_local] '
                           '"$request" $status $body_bytes_sent '
                           '"$http_referer" "$http_user_agent" "$gzip_ratio"';

server {
    listen 50052 ssl http2;

    ssl_certificate /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;

    access_log /var/log/nginx/a.log;
    error_log /var/log/nginx/e.log;

    location / {
        grpc_pass grpc://grpc:50051;
    }
}

The problem I hit is that port 443 does not work as I set it up above in the docker-compose file, but if I replace it with 8443, then my client can talk to the gRPC server. The error I see from my client in the port 443 case is below:

E0211 15:08:05.178000000 22572 src/core/tsi/ssl_transport_security.cc:1439] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.

I use a self-signed certificate for this test environment on localhost; could this be the problem? I do not see 443 being disallowed for this case on either the nginx site or the Docker site. I need help on this, and in case 443 is not allowed for this case, please refer me to the documentation.

Turns out it's the certificate itself. Replacing the self-signed certificate with a Let's Encrypt one and deploying to AWS makes port 443 work.
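Added example, not part of the original question or answer: a shell check that shows why a client reports CERTIFICATE_VERIFY_FAILED for a self-signed certificate, independent of the listening port. It assumes the `openssl` CLI is installed; the certificate is generated on the spot as constructed test data, and the file names `server.crt` and `server.key` only mirror the nginx config above.

```shell
#!/bin/sh
# Added example: every file used here is generated on the spot (constructed data).

# Create a throwaway self-signed certificate for CN=localhost in directory $1.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=localhost" \
        -keyout "$1/server.key" -out "$1/server.crt" >/dev/null 2>&1
}

# Verify certificate $1. With a second argument, that PEM file is used as the
# trust anchor; without one, only the system default trust store is consulted.
# Prints "trusted" or "untrusted".
check_trust() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
    else
        openssl verify "$1" >/dev/null 2>&1
    fi && echo trusted || echo untrusted
}

# Run both checks against a freshly generated certificate.
demo() {
    dir=$(mktemp -d) || return 1
    make_self_signed "$dir" || { rm -rf "$dir"; return 1; }
    # No public CA issued this certificate, so the default store rejects it.
    echo "system trust store:       $(check_trust "$dir/server.crt")"
    # Supplying the certificate itself as the trust anchor makes it verify.
    echo "certificate as trust root: $(check_trust "$dir/server.crt" "$dir/server.crt")"
    rm -rf "$dir"
}

demo
```

A gRPC client behaves the same way: the handshake is rejected unless the self-signed certificate (or the CA that issued it) is supplied to the client as a root certificate, or the server presents a certificate from a publicly trusted CA.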
