Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support grpc proxy with insecure mode #3496

Closed
sysulq opened this issue Feb 2, 2021 · 11 comments
Closed

feat: support grpc proxy with insecure mode #3496

sysulq opened this issue Feb 2, 2021 · 11 comments
Labels
enhancement New feature or request

Comments

@sysulq
Copy link
Contributor

sysulq commented Feb 2, 2021
edited
Loading

I checked the current implementation, for now apisix seems only support grpc proxy with ssl.

In my case, we want to try apisix to balance grpc traffic with insecure mode in intranet environment.

Is there any reason not to support grpc without ssl enabled? Looking forward to your reply :-)

        {% for _, port in ipairs(node_listen) do %}
        listen {* port *} {% if enable_reuseport then %} reuseport {% end %};
        {% end %}
        {% if ssl.enable then %}
        {% for _, port in ipairs(ssl.listen_port) do %}
        listen {* port *} ssl {% if ssl.enable_http2 then %} http2 {% end %} {% if enable_reuseport then %} reuseport {% end %};
        {% end %}
        {% end %}
@spacewander spacewander added the enhancement New feature or request label Feb 2, 2021
@spacewander
Copy link
Member

Maybe we can allow plaintext HTTP2?

@sysulq
Copy link
Contributor Author

sysulq commented Feb 2, 2021

Maybe we can allow plaintext HTTP2?

That's it.

@nic-chen
Copy link
Member

nic-chen commented Feb 2, 2021

@hnlq715 PR is welcome.

@sysulq
Copy link
Contributor Author

sysulq commented Feb 3, 2021

@spacewander @nic-chen
Seems like nginx do not support h2c and http1 on the same port without ssl...
So, maybe we need to add a new port for this?

nginx issue:
https://trac.nginx.org/nginx/ticket/816

without ssl:

https://github.com/nginx/nginx/blob/9e07862d6e9d37041a42bbfa34dd1f56ed547505/src/http/ngx_http_request.c#L324-L331

with ssl:

https://github.com/nginx/nginx/blob/9e07862d6e9d37041a42bbfa34dd1f56ed547505/src/http/ngx_http_request.c#L812-L831

@spacewander spacewander mentioned this issue Feb 3, 2021
Closed
@membphis
Copy link
Member

membphis commented Feb 3, 2021

Seems like nginx do not support h2c and http1 on the same port without ssl...

confirm this ^_^

@tokers
Copy link
Contributor

tokers commented Feb 4, 2021

Seems like nginx do not support h2c and http1 on the same port without ssl...

confirm this ^_^

That's true, we cannot use same port for both http/1.1 and http2 if we don't use TLS/SSL.

@spacewander
Copy link
Member

Maybe we can extend the array format of node_listen, allow providing http2 flag?

apisix/conf/config-default.yaml

Line 23 in 1e35cc0

node_listen: 9080 # APISIX listening port

@tokers
Copy link
Contributor

tokers commented Feb 4, 2021

Maybe we can extend the array format of node_listen, allow providing http2 flag?

That's good.

@sysulq
Copy link
Contributor Author

sysulq commented Feb 4, 2021

Maybe we can extend the array format of node_listen, allow providing http2 flag?

apisix/conf/config-default.yaml

Line 23 in 1e35cc0

node_listen: 9080 # APISIX listening port

It’s good if we do not need to consider compatibility

@spacewander
Copy link
Member

We should support current way too.

@sysulq sysulq mentioned this issue Feb 7, 2021
Merged
4 tasks
@spacewander
Copy link
Member

Solved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@sysulq @spacewander @membphis @tokers @nic-chen