Skip to main content
Version: 3.9

gRPC Proxy

proxying gRPC traffic: gRPC client -> APISIX -> gRPC/gRPCS server

Parameters#

  • scheme: the scheme of the route's upstream must be grpc or grpcs.
  • uri: format likes /service/method, Example:/helloworld.Greeter/SayHello

Example#

create proxying gRPC route#

Here's an example, to proxying gRPC service by specified route:

  • attention: the scheme of the route's upstream must be grpc or grpcs.
  • attention: APISIX use TLS‑encrypted HTTP/2 to expose gRPC service, so need to config SSL certificate
  • attention: APISIX also support to expose gRPC service with plaintext HTTP/2, which does not rely on TLS, usually used to proxy gRPC service in intranet environment
  • the grpc server example:grpc_server_example
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"methods": ["POST", "GET"],
"uri": "/helloworld.Greeter/SayHello",
"upstream": {
"scheme": "grpc",
"type": "roundrobin",
"nodes": {
"127.0.0.1:50051": 1
}
}
}'

testing HTTP/2 with TLS‑encrypted#

Invoking the route created before:

$ grpcurl -insecure -import-path /pathtoprotos  -proto helloworld.proto  -d '{"name":"apisix"}' 127.0.0.1:9443 helloworld.Greeter.SayHello
{
"message": "Hello apisix"
}

grpcurl is a CLI tool, similar to curl, that acts as a gRPC client and lets you interact with a gRPC server. For installation, please check out the official documentation.

This means that the proxying is working.

testing HTTP/2 with plaintext#

By default, the APISIX only listens to 9443 for TLS‑encrypted HTTP/2. You can support HTTP/2 with plaintext via the node_listen section under apisix in conf/config.yaml:

apisix:
node_listen:
- port: 9080
- port: 9081
enable_http2: true

Invoking the route created before:

$ grpcurl -plaintext -import-path /pathtoprotos  -proto helloworld.proto  -d '{"name":"apisix"}' 127.0.0.1:9081 helloworld.Greeter.SayHello
{
"message": "Hello apisix"
}

This means that the proxying is working.

gRPCS#

If your gRPC service encrypts with TLS by itself (so called gPRCS, gPRC + TLS), you need to change the scheme to grpcs. The example above runs gRPCS service on port 50052, to proxy gRPC request, we need to use the configuration below:

curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"methods": ["POST", "GET"],
"uri": "/helloworld.Greeter/SayHello",
"upstream": {
"scheme": "grpcs",
"type": "roundrobin",
"nodes": {
"127.0.0.1:50052": 1
}
}
}'