Web gRPC + NGINX TLS配置 [英] web gRPC + NGINX TLS configuration

查看:208
本文介绍了Web gRPC + NGINX TLS配置的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个Node gRPC服务器和一个Web gRPC客户端(带有Angular的TS).我正在使用Nginx作为代理来促进它们之间的通信.

I have a Node gRPC server and an web gRPC client (TS with Angular). I am using Nginx as a proxy to facilitate communication between them.

我不知道如何使用SSL配置Web gRPC客户端(TS).我尝试将当前的Nginx配置和Node配置与Node gRPC客户端(而非Web gRPC)一起使用.在这种情况下有效.

I don't know how to configure the web gRPC client (TS) with SSL. I tried using my current Nginx config and Node config with a Node gRPC client (not web gRPC). It worked in that case.

Node js配置:节点Js配置

Node js config: Node Js Config

生成证书的脚本:

openssl genrsa -passout pass:1111 -des3 -out ca.key 4096

openssl req -passin pass:1111 -new -x509 -days 365 -key ca.key -out ca.crt -subj  "/C=CL/ST=RM/L=Santiago/O=Test/OU=Test/CN=ca"

openssl genrsa -passout pass:1111 -des3 -out server.key 4096

openssl req -passin pass:1111 -new -key server.key -out server.csr -subj  "/C=CL/ST=RM/L=Santiago/O=Test/OU=Server/CN=dev"

openssl x509 -req -passin pass:1111 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

openssl rsa -passin pass:1111 -in server.key -out server.key

openssl genrsa -passout pass:1111 -des3 -out client.key 4096

openssl req -passin pass:1111 -new -key client.key -out client.csr -subj  "/C=CL/ST=RM/L=Santiago/O=Test/OU=Client/CN=dev"

openssl x509 -passin pass:1111 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

openssl rsa -passin pass:1111 -in client.key -out client.key

在上面的代码中,在CN = dev中,dev是服务器的etc/hosts文件中的DNS条目,指向服务器自己的地址.

On the above code, in CN=dev, dev is the DNS entry in my server's etc/hosts file pointing to server's own address.

Nginx配置:

server {
    listen 10002 ssl http2;
    # listen 10002 http2;
    # include snippets/self-signed.conf;
    #  include snippets/ssl-params.conf;

    ssl_certificate     certs/client.crt;
    ssl_certificate_key certs/client.key;

    if ($request_method = OPTIONS) {
        return 204;
    }

    add_header 'Access-Control-Allow-Origin' "$http_origin" always;
    add_header Access-Control-Max-Age 3600;
    add_header Access-Control-Expose-Headers Content-Length;
    add_header Access-Control-Allow-Headers Range;
    add_header Access-Control-Allow-Headers x-user-agent;
    add_header Access-Control-Allow-Headers x-grpc-web;
    add_header Access-Control-Allow-Headers content-type;

    grpc_ssl_certificate certs/client.crt;
    grpc_ssl_certificate_key certs/client.key;
    grpc_ssl_trusted_certificate certs/ca.crt;
    grpc_ssl_name ace-dev;
    grpc_ssl_server_name on;    

    # location /Forms.Forms/getExistingForms{
    #   grpc_pass grpcs://backend;
    # };

    location / {
         grpc_pass grpcs://192.168.1.59:50051;
    } 
    #ssl_certificate     ssl/cert.pem;
    #ssl_certificate_key ssl/key.pem;
    #...
}

现在,Web gRPC部分(无法正常工作会产生握手错误,没有正确的文档说明如何执行此操作,因此请尝试查看网络gRPC TLS配置

Now,the web gRPC portion (Not working gives handshake error, no proper documentation how to do it, so tried looking at this and grpcWeb source code and assumed it would go this way) : web gRPC TLS config

这就是我现在所拥有的.任何帮助将不胜感激.

This is all I have right now. Any help would be appreciated.

推荐答案

grpc-web不再积极支持Nginx.Nginx开箱即用,不理解grpc-web请求.支持grpc-web的默认代理是Envoy.您可以查看如何使用其文档配置Envoy.

Nginx is no longer being actively supported for grpc-web. Nginx, out of the box, doesn't understand grpc-web request. The default proxy that supports grpc-web is Envoy. You can look up how to configure Envoy with their documentations.

这篇关于Web gRPC + NGINX TLS配置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆