title |
---|
gRPC Proxy |
proxying gRPC traffic: gRPC client -> APISIX -> gRPC/gRPCS server
scheme
: thescheme
of the route's upstream must begrpc
orgrpcs
.uri
: format likes /service/method, Example:/helloworld.Greeter/SayHello
Here's an example, to proxying gRPC service by specified route:
- attention: the
scheme
of the route's upstream must begrpc
orgrpcs
. - attention: APISIX use TLS‑encrypted HTTP/2 to expose gRPC service, so need to config SSL certificate
- attention: APISIX also support to expose gRPC service with plaintext HTTP/2, which does not rely on TLS, usually used to proxy gRPC service in intranet environment
- the grpc server example:grpc_server_example
:::note
You can fetch the admin_key
from config.yaml
and save to an environment variable with the following command:
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
:::
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -d '
{
"methods": ["POST", "GET"],
"uri": "/helloworld.Greeter/SayHello",
"upstream": {
"scheme": "grpc",
"type": "roundrobin",
"nodes": {
"127.0.0.1:50051": 1
}
}
}'
Invoking the route created before:
$ grpcurl -insecure -import-path /pathtoprotos -proto helloworld.proto -d '{"name":"apisix"}' 127.0.0.1:9443 helloworld.Greeter.SayHello
{
"message": "Hello apisix"
}
grpcurl is a CLI tool, similar to curl, that acts as a gRPC client and lets you interact with a gRPC server. For installation, please check out the official documentation.
This means that the proxying is working.
By default, the APISIX only listens to 9443
for TLS‑encrypted HTTP/2. You can support HTTP/2 with plaintext via the node_listen
section under apisix
in conf/config.yaml
:
apisix:
node_listen:
- port: 9080
- port: 9081
enable_http2: true
Invoking the route created before:
$ grpcurl -plaintext -import-path /pathtoprotos -proto helloworld.proto -d '{"name":"apisix"}' 127.0.0.1:9081 helloworld.Greeter.SayHello
{
"message": "Hello apisix"
}
This means that the proxying is working.
If your gRPC service encrypts with TLS by itself (so called gPRCS
, gPRC + TLS), you need to change the scheme
to grpcs
. The example above runs gRPCS service on port 50052, to proxy gRPC request, we need to use the configuration below:
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -d '
{
"methods": ["POST", "GET"],
"uri": "/helloworld.Greeter/SayHello",
"upstream": {
"scheme": "grpcs",
"type": "roundrobin",
"nodes": {
"127.0.0.1:50052": 1
}
}
}'