Configuring grpc and reverse proxy on same port(443)

by

Hello,

I am trying to configure Percona's Monitoring Tool, PMM. I am using two proxy servers between my client and PMM servers. PMM is using grpc for data exchange. And the metrics can retrieve via grafana.

[This is my previous PMM setup where data exchange on port 443 and the grafana web interface on 9116. This setup is working without any issues.](https://preview.redd.it/zkr1vs3kxvj61.jpg?width=1164&format=pjpg&auto=webp&s=7fa7e25b592c18895cb61c42de1092e3fab74239)

But I want to setup both in 443 port. So I can use my main domain for accessing the grafana.

1. In my proxy server, on nginx configuration, I used grpc\_pass and the data exchange is working but grafana was not accessible.
2. I tried setting up grpc\_pass(for data exchange) and proxy\_pass(for grafana web interface) on one port(443) but it fails.

Now I did configure grpc\_pass for my main domain and proxy\_pass for another location as provided below. So that I don't have to use different ports for grpc and grafana.

`server {`

`listen 443 ssl http2;`

`server_name` [`pmm.domain.net`](https://pmm.domain.net)`;`

`ssl_certificate /etc/nginx/certificates/wildcard.domain.net.chained.crt;`

`ssl_certificate_key /etc/nginx/certificates/doamin.key;`

`ssl_session_cache shared:SSL:10m;`

`ssl on;`

`ssl_session_cache builtin:1000 shared:SSL:10m;`

`ssl_protocols TLSv1.2;`

`ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;`

`ssl_prefer_server_ciphers on;`

`location /grf {`

`proxy_pass https://PMM_SERVER_IP/;`

`proxy_http_version 1.1;`

`proxy_set_header Upgrade $http_upgrade;`

`proxy_set_header Connection "upgrade";`

`proxy_set_header Host $http_host;`

`proxy_set_header X-Real-IP $remote_addr;`

`proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;`

`proxy_set_header X-Forward-Proto http;`

`proxy_set_header X-Nginx-Proxy true;`

`proxy_redirect off;`

`}`

`location / {`

`grpc_ssl_certificate /etc/nginx/grpc-certs/server-cert.pem;`

`grpc_ssl_certificate_key /etc/nginx/grpc-certs/server-key.pem;`

`grpc_ssl_trusted_certificate /etc/nginx/grpc-certs/certca.pem;`

`grpc_ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;`

`grpc_pass grpcs://PMM_SERVER_IP:443;`

`}`

`}`

I need to use main domain for grpc\_pass and proxy\_pass so I can access the grafana on main domain. Or is there a way I can access a web interface(grafana) using grpc\_pass?

Already opened a discussion on the NGINX forum 1 month before, but no response found.

[NGINX Forum Link](https://forum.nginx.org/read.php?15,290605)

Leave a Comment