Configuring grpc and reverse proxy on same port(443)


I am trying to configure Percona's Monitoring Tool, PMM. I am using two proxy servers between my client and PMM servers. PMM is using grpc for data exchange. And the metrics can retrieve via grafana.

[This is my previous PMM setup where data exchange on port 443 and the grafana web interface on 9116. This setup is working without any issues.](

But I want to setup both in 443 port. So I can use my main domain for accessing the grafana.

1. In my proxy server, on nginx configuration, I used grpc\_pass and the data exchange is working but grafana was not accessible.
2. I tried setting up grpc\_pass(for data exchange) and proxy\_pass(for grafana web interface) on one port(443) but it fails.

Now I did configure grpc\_pass for my main domain and proxy\_pass for another location as provided below. So that I don't have to use different ports for grpc and grafana.

`server {`

`listen 443 ssl http2;`

`server_name` [``](`;`

`ssl_certificate /etc/nginx/certificates/;`

`ssl_certificate_key /etc/nginx/certificates/doamin.key;`

`ssl_session_cache shared:SSL:10m;`

`ssl on;`

`ssl_session_cache builtin:1000 shared:SSL:10m;`

`ssl_protocols TLSv1.2;`


`ssl_prefer_server_ciphers on;`

`location /grf {`

`proxy_pass https://PMM_SERVER_IP/;`

`proxy_http_version 1.1;`

`proxy_set_header Upgrade $http_upgrade;`

`proxy_set_header Connection "upgrade";`

`proxy_set_header Host $http_host;`

`proxy_set_header X-Real-IP $remote_addr;`

`proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;`

`proxy_set_header X-Forward-Proto http;`

`proxy_set_header X-Nginx-Proxy true;`

`proxy_redirect off;`


`location / {`

`grpc_ssl_certificate /etc/nginx/grpc-certs/server-cert.pem;`

`grpc_ssl_certificate_key /etc/nginx/grpc-certs/server-key.pem;`

`grpc_ssl_trusted_certificate /etc/nginx/grpc-certs/certca.pem;`

`grpc_ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;`

`grpc_pass grpcs://PMM_SERVER_IP:443;`



I need to use main domain for grpc\_pass and proxy\_pass so I can access the grafana on main domain. Or is there a way I can access a web interface(grafana) using grpc\_pass?

Already opened a discussion on the NGINX forum 1 month before, but no response found.

[NGINX Forum Link](,290605)

Leave a Comment