2017-09-16 08:56:02 +00:00
# gRPC example
This section explains how to use Traefik as reverse proxy for gRPC application with self-signed certificates.
!!! warning
2018-05-24 08:52:04 +00:00
As gRPC needs HTTP2, we need HTTPS certificates on Træfik.
For exchanges with the backend, we will use h2c (HTTP2 on HTTP without TLS)
2017-09-16 08:56:02 +00:00
< p align = "center" >
< img src = "/img/grpc.svg" alt = "gRPC architecture" title = "gRPC architecture" / >
< / p >
## gRPC Client certificate
Generate your self-signed certificate for frontend url:
```bash
2017-10-02 09:34:03 +00:00
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./frontend.key -out ./frontend.cert
2017-09-16 08:56:02 +00:00
```
with
```
Common Name (e.g. server FQDN or YOUR name) []: frontend.local
```
## Træfik configuration
At last, we configure our Træfik instance to use both self-signed certificates.
```toml
defaultEntryPoints = ["https"]
[entryPoints]
[entryPoints.https]
address = ":4443"
[entryPoints.https.tls]
# For secure connection on frontend.local
[[entryPoints.https.tls.certificates]]
certFile = "./frontend.cert"
keyFile = "./frontend.key"
2018-01-11 08:46:03 +00:00
[api]
2017-09-16 08:56:02 +00:00
[file]
[backends]
[backends.backend1]
[backends.backend1.servers.server1]
2018-05-24 08:52:04 +00:00
# Access on backend with h2c
url = "h2c://backend.local:8080"
2017-09-16 08:56:02 +00:00
[frontends]
[frontends.frontend1]
backend = "backend1"
[frontends.frontend1.routes.test_1]
rule = "Host:frontend.local"
```
2017-10-10 10:14:03 +00:00
!!! warning
2018-05-24 08:52:04 +00:00
For provider with label, you will have to specify the `traefik.protocol=h2c`
2017-10-10 10:14:03 +00:00
2017-09-16 08:56:02 +00:00
## Conclusion
2018-05-24 08:52:04 +00:00
We don't need specific configuration to use gRPC in Træfik, we just need to be careful that exchanges between client and Træfik are HTTPS communications.
For exchanges between Træfik and backend, you need to use `h2c` protocol, or use HTTPS communications to have HTTP2.
2017-09-16 08:56:02 +00:00
## A gRPC example in go
We will use the gRPC greeter example in [grpc-go ](https://github.com/grpc/grpc-go/tree/master/examples/helloworld )
2018-05-24 08:52:04 +00:00
We can keep the Server example as is with the h2c protocol
2017-09-16 08:56:02 +00:00
```go
// ...
2018-05-24 08:52:04 +00:00
lis, err := net.Listen("tcp", port)
2017-09-16 08:56:02 +00:00
if err != nil {
2018-05-24 08:52:04 +00:00
log.Fatalf("failed to listen: %v", err)
2017-09-16 08:56:02 +00:00
}
2018-05-24 08:52:04 +00:00
var s *grpc.Server = grpc.NewServer()
2017-09-16 08:56:02 +00:00
defer s.Stop()
2017-10-02 09:34:03 +00:00
pb.RegisterGreeterServer(s, & server{})
2017-09-16 08:56:02 +00:00
err := s.Serve(lis)
// ...
```
2018-05-24 08:52:04 +00:00
!!! warning
In order to use this gRPC example, we need to modify it to use HTTPS
2017-09-16 08:56:02 +00:00
Next we will modify gRPC Client to use our Træfik self-signed certificate:
```go
// ...
// Read cert file
2017-10-02 09:34:03 +00:00
FrontendCert, _ := ioutil.ReadFile("./frontend.cert")
2017-09-16 08:56:02 +00:00
// Create CertPool
roots := x509.NewCertPool()
roots.AppendCertsFromPEM(FrontendCert)
// Create credentials
credsClient := credentials.NewClientTLSFromCert(roots, "")
// Dial with specific Transport (with credentials)
2017-10-02 09:34:03 +00:00
conn, err := grpc.Dial("frontend.local:4443", grpc.WithTransportCredentials(credsClient))
2017-09-16 08:56:02 +00:00
if err != nil {
2017-10-02 09:34:03 +00:00
log.Fatalf("did not connect: %v", err)
2017-09-16 08:56:02 +00:00
}
defer conn.Close()
2017-10-02 09:34:03 +00:00
client := pb.NewGreeterClient(conn)
2017-09-16 08:56:02 +00:00
name := "World"
2017-10-02 09:34:03 +00:00
r, err := client.SayHello(context.Background(), & pb.HelloRequest{Name: name})
2017-09-16 08:56:02 +00:00
// ...
```
