Is it possible to use Caddy 2 as reverse proxy to GRPC?
Caddy’s an HTTP/2 reverse proxy, so, yep.
Is there anything like grpc_pass in nginx?
I saw there was grpc in Caddy 1 but I don’t know how in Caddy 2.
GRPC uses HTTP/2 frames, yeah? It should “just work” without any extra config, as long as HTTP/2 is being used.
getting 502
That means it couldn’t connect to your backend.
If you want help, please report more information: your full, unredacted config, your full, unredacted logs, curl commands (or grpcurl) so we can reproduce the same issues you’re seeing on our own computers.
nginx 1.17 working ok, everything same.
Caddy 2 rc3, I am getting the following error at client side. I am not sure if it’s my mistake.
E0503 23:49:29.997000000 13812 src/core/tsi/ssl_transport_security.cc:1379] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
We still need much more info. We need your full config, the commands you used to test and your full logs. You’re basically telling us “it’s not working!” without telling us what “it” is. We can’t read your mind!
Sorry for that, I am not sure about my config.
My caddy file is:
grpc.example.com {
    reverse_proxy 127.0.0.1:5054
}
Also I tried
grpc.example.com {
    reverse_proxy grpc://127.0.0.1:5054
}
Also I tried
grpc.example.com:50051 {
    reverse_proxy grpc://127.0.0.1:5054
}
Also I tried
:50051 {
    reverse_proxy 127.0.0.1.5054
}
My working nginx config is
server {
    listen 50051 http2 ssl ...;
    ...
    location / {
        grpc_pass grpc://127.0.0.1:5054
    }
    ssl_certificate ...
    ssl_certificate_key ...
journalctl -u caddy
May 03 21:02:58 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/03 21:02:58 http: TLS handshake error from 212.X.X.X:65478: no certificate available for ‘grpc.example.com’
May 03 21:51:45 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/03 21:51:45 http: TLS handshake error from 142.X.X.X:42678: no certificate available for ‘grpc.example.com’
May 03 21:51:48 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/03 21:51:48 http: TLS handshake error from 172.X.X.X:51544: no certificate available for ‘grpc.example.com’
May 03 21:51:56 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/03 21:51:56 http: TLS handshake error from 64.X.X.X:48094: no certificate available for ‘grpc.example.com’
May 03 21:52:00 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/03 21:52:00 http: TLS handshake error from 46.X.X.X:44748: EOF
May 03 21:52:01 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/03 21:52:01 http: TLS handshake error from 46.X.X.X:45622: tls: first record does not look like a TLS handshake
May 03 21:52:01 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/03 21:52:01 http: TLS handshake error from 46.X.X.X:45634: tls: client offered only unsupported versions: []
May 04 00:13:30 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/04 00:13:30 http: TLS handshake error from 171.X.X.X:47456: no certificate available for ‘161.X.X.X’
May 04 00:43:32 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/04 00:43:32 http: TLS handshake error from 193.X.X.X:55082: no certificate available for ‘161.X.X.X’
May 04 01:09:21 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/04 01:09:21 http: TLS handshake error from 192.X.X.X:33478: no certificate available for ‘161.X.X.X’
May 04 01:58:53 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/04 01:58:53 http: TLS handshake error from 45.X.X.X:49948: tls: first record does not look like a TLS handshake
May 04 02:05:09 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/04 02:05:09 http: TLS handshake error from 66.X.X.X:41800: tls: first record does not look like a TLS handshake
May 04 03:08:33 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/04 03:08:33 http: TLS handshake error from 208.X.X.X:2414: EOF
May 04 03:08:35 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/04 03:08:35 http: TLS handshake error from 208.X.X.X:23285: tls: unsupported SSLv2 handshake received
May 04 03:08:58 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/04 03:08:58 http: TLS handshake error from 208.X.X.X:23630: tls: client offered only unsupported versions: []
May 04 03:09:10 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/04 03:09:10 http: TLS handshake error from 208.X.X.X:39229: tls: client offered only unsupported versions: [301]
May 04 03:09:17 ubuntu-s-1vcpu-1gb-fra1-01 caddy[17490]: 2020/05/04 03:09:17 http: TLS handshake error from 208.X.X.X:20522: tls: client offered only unsupported versions: [302 301]
My grpc server’s config - nodejs
var routeServer = getServer();
routeServer.bind('127.0.0.1:50051', grpc.ServerCredentials.createInsecure());
routeServer.start();
My grpc client’s config - python
creds = grpc.ssl_channel_credentials()
channel = grpc.secure_channel('grpc.example.com:443', creds)  # also tried different ports 50051 etc.
stub = comm_pb2_grpc.CommStub(channel)
unsupported sslv2 handshake
Well, grpc clients are very interesting. When I change to a nodejs client with the nginx reverse proxy, I am getting an http1.1 response error. Well, my nginx config is definitely http2 and the python client is working.
Also I need to change my server to @grpc/grpc-js
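To separate the handshake failures in the journalctl output above by cause, the following added example (not part of the original thread, and not Caddy's own code) parses the `http: TLS handshake error` lines and flags only the requests for a hostname the site is supposed to serve. The function names, category labels and the `own_names` parameter are assumptions of this example, and the sample lines are constructed in the shape of the log above.

```python
import re
from collections import Counter

# Hex version codes as Go's crypto/tls prints them in this error message.
TLS_VERSIONS = {"300": "SSL 3.0", "301": "TLS 1.0", "302": "TLS 1.1",
                "303": "TLS 1.2", "304": "TLS 1.3"}
LINE_RE = re.compile(
    r"http: TLS handshake error from (?P<src>\S+):\d+: (?P<reason>.+)$")
SNI_RE = re.compile(r"no certificate available for \W?(?P<name>[^\s'’]+)")
VERS_RE = re.compile(r"only unsupported versions: \[(?P<v>[0-9a-f ]*)\]")

# Constructed sample, shaped like the journalctl lines in the thread.
SAMPLE = """\
May 03 21:51:56 host caddy[17490]: 2020/05/03 21:51:56 http: TLS handshake error from 64.X.X.X:48094: no certificate available for 'grpc.example.com'
May 03 21:52:01 host caddy[17490]: 2020/05/03 21:52:01 http: TLS handshake error from 46.X.X.X:45622: tls: first record does not look like a TLS handshake
May 04 00:13:30 host caddy[17490]: 2020/05/04 00:13:30 http: TLS handshake error from 171.X.X.X:47456: no certificate available for '161.X.X.X'
May 04 03:08:35 host caddy[17490]: 2020/05/04 03:08:35 http: TLS handshake error from 208.X.X.X:23285: tls: unsupported SSLv2 handshake received
May 04 03:09:17 host caddy[17490]: 2020/05/04 03:09:17 http: TLS handshake error from 208.X.X.X:20522: tls: client offered only unsupported versions: [302 301]
"""


def classify(reason):
    """Return (category, detail) for one handshake-error reason."""
    m = SNI_RE.search(reason)
    if m:
        return "no-cert-for-sni", m.group("name")
    m = VERS_RE.search(reason)
    if m:
        names = [TLS_VERSIONS.get(v, v) for v in m.group("v").split()]
        return "legacy-version", ", ".join(names) or "none listed"
    if "does not look like a TLS handshake" in reason:
        return "plaintext-on-tls-port", ""
    if "SSLv2" in reason:
        return "legacy-version", "SSLv2"
    return ("closed-mid-handshake", "") if reason == "EOF" else ("other", reason)


def triage(log_text, own_names):
    """Count causes; list sources that asked for a hostname we should serve."""
    counts, actionable = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        category, detail = classify(m.group("reason").strip())
        counts[category] += 1
        if category == "no-cert-for-sni" and detail in own_names:
            actionable.append((m.group("src"), detail))
    return counts, actionable
```

Calling `triage(SAMPLE, {"grpc.example.com"})` leaves a single actionable entry, the request for the site's own name that Caddy had no certificate for; the other lines are counted by cause only.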
HTTP/2 requires HTTPS, are you sure you’re using HTTPS to your upstream?
Well, I will revise my server. I am getting different behaviours with different clients and servers.
Then I will try Caddy 2 as reverse proxy to Apache CouchDB.
Okie, keep us posted!
FWIW, I do know grpc proxying works – I have done it myself – you just need to use HTTP/2, which requires HTTPS. (Caddy 2.1 will not require TLS for HTTP/2.)
Yes it appears to be a problem of former node-grpc package. Strange behaviours…
I revised server with brand new grpc-js and now it’s working great.
So I confirm that grpc is working great with Caddy. It’s like a joke, only 3 lines of configuration.
Awesome, glad to hear it!!