I am trying to expose a gRPC server to the internet through HAProxy.
HAProxy runs as a plugin in pfSense.
pfSense handles SSL certificates as well.
I have a number of services exposed both through http and https, so the SSL part is working fine.
I couldn’t figure out how to set the gRPC frontend and backend.
- In the shared https frontend, in SSL Offloading → Advanced certificate specific ssl options I have: alpn h2,http/1.1
- In the frontend for the gRPC server I have checked SSL Offloading → Use Offloading and in Advanced certificate specific ssl options I also have alpn h2,http/1.1
- In the backend for gRPC server in Advanced settings → Per server pass thru I have: check proto h2
I have a small test gRPC client-server application to test. With this setup it gives:
MESSAGE: Status(StatusCode="Unavailable", Detail="Error starting gRPC call. HttpRequestException: The request was aborted. HttpProtocolException: The HTTP/2 server reset the stream. HTTP/2 error code 'REFUSED_STREAM' (0x7). (HttpProtocolError)", DebugException="System.Net.Http.HttpRequestException: The request was aborted.")
The test app works fine if I use Nginx Proxy Manager or, if I connect to the server through ip:port, bypassing any proxy and setting the option to use an insecure channel.
Did anyone encounter a similar problem?
Or has setup gRPC through HAProxy as a pfSense plugin?
Thank you in advance for taking the time to read my post!