Description
I am trying to expose a grpc service through nginx-proxy. Exposed over an unencrypted connection (port 80), everything works as expected. If I try to access the service through an encrpyted connection (port 443) I receive the following error in most grpc testing tools: Received RST_STREAM with code 2 triggered by internal client error: Protocol error
The connection from nginx-proxy to the grpc service should not be encrypted. The generated nginx config looks like this:
# mygrpcservice.example.com/
upstream mygrpcservice.example.com {
# Container: bettercampus_bettercampusserver_1
# networks:
# nginx_proxy (reachable)
# IPv4 address: 10.89.2.14
# IPv6 address: (none usable)
# exposed ports (first ten): 8080/tcp 8090/tcp
# default port: 80
# using port: 8090
# /!\ WARNING: Virtual port published on host. Clients
# might be able to bypass nginx-proxy and
# access the container's server directly.
server 10.89.2.14:8090;
keepalive 2;
}
server {
server_name mygrpcservice.example.com;
access_log /var/log/nginx/access.log vhost;
http2 on;
listen 80 ;
location /.well-known/acme-challenge/ {
auth_basic off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
listen 443 ssl ;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/mygrpcservice.example.com.crt;
ssl_certificate_key /etc/nginx/certs/mygrpcservice.example.com.key;
ssl_dhparam /etc/nginx/certs/mygrpcservice.example.com.dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/mygrpcservice.example.com.chain.pem;
include /etc/nginx/vhost.d/mygrpcservice.example.com;
location / {
grpc_pass grpc://mygrpcservice.example.com;
}
}
Other "normal" http services using the same nginx-config instance and only standard config (port and host defined via environment variable)