nginx反代grpc
# nginx需要支持http2
# nginx-1.24.0 版本
./configure --with-http_v2_module --with-openssl=/openssl-3.0.2
make
make install
1
2
3
4
2
3
4
# 明文传输
upstream gprc19090{
server 10.1.1.1:19090;
}
server {
listen 19090 http2;
location / {
grpc_pass grpc://gprc19090;
}
}
1
2
3
4
5
6
7
8
9
10
2
3
4
5
6
7
8
9
10
# 单向认证
upstream grpcssl29090{
server 10.1.1.1:29090;
}
server {
listen 29090 ssl http2;
ssl_certificate /tmp/server.cert.pem;
ssl_certificate_key /tmp/server.key.pem;
location / {
grpc_pass grpc://grpcssl29090;
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
2
3
4
5
6
7
8
9
10
11
12
13
14
# 双向认证
upstream grpcdssl39090{
server 10.1.1.1:39090;
}
server {
listen 39090 ssl http2;
ssl_certificate /tmp/server.cert.pem;
ssl_certificate_key /tmp/server.key.pem;
ssl_client_certificate /tmp/cacert.pem;
#ssl_crl /tmp/crl.pem; # 吊销证书列表
ssl_verify_client on;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
grpc_pass grpc://grpcdssl39090;
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
上次更新: 2024/06/05, 16:23:38
|