gRPC server behind HAProxy

Hi!
I am trying to expose a gRPC server to the internet through HAProxy.
HAProxy runs as a plugin in pfSense.
pfSense handles SSL certificates as well.
I have a number of services exposed both through http and https, so the SSL part is working fine.
I couldn’t figure out how to set the gRPC frontend and backend.
Frontend:

  • In the shared https frontend, in SSL OffloadingAdvanced certificate specific ssl options I have: alpn h2,http/1.1
  • In the frontend for the gRPC server I have checked SSL OffloadingUse Offloading and in Advanced certificate specific ssl options I also have alpn h2,http/1.1

Backend:

  • In the backend for gRPC server in Advanced settingsPer server pass thru I have: check proto h2

I have a small test gRPC client-server application to test. With this setup it gives:
MESSAGE: Status(StatusCode="Unavailable", Detail="Error starting gRPC call. HttpRequestException: The request was aborted. HttpProtocolException: The HTTP/2 server reset the stream. HTTP/2 error code 'REFUSED_STREAM' (0x7). (HttpProtocolError)", DebugException="System.Net.Http.HttpRequestException: The request was aborted.")

The test app works fine if I use Nginx Proxy Manager or, if I connect to the server through ip:port, bypassing any proxy and setting the option to use an insecure channel.

Did anyone encounter a similar problem?
Or has setup gRPC through HAProxy as a pfSense plugin?
Thank you in advance for taking the time to read my post!

Kind regards,
Liviu Popescu

Hello @xMAXIMUSx
I’ve seen the documentation, but HAProxy, when run as a pfSense plugin, needs to be configured from the pfSense’s web UI, I can’t directly touch the config files.

Right, you should be able to take what you need from the documentation and apply it in pfsense.

If you run into any issues you can watch these for help.