I have a few questions about gRPC and Cloudflare tunnels.
- Is gRPC supported at all over a tunnel?
- If gRPC is supported now, is h2c or just h2 supported?
- Is grpc-web (ex: `Content-Type: application/grpc-web+proto`) supported?
As per this page (can’t include links, so the article’s name is Understanding-Cloudflare-gRPC-support), tunnels (and Access) do not support gRPC.
- Cloudflare Tunnel currently does not support gRPC.
- Cloudflare Access does not support gRPC traffic sent through Cloudflare’s reverse proxy. gRPC traffic will be ignored by Access if gRPC is enabled in Cloudflare.
But tunnels have supported HTTP/2, which does support gRPC, for a long time. Recently tunnels had a PR (again no links, but PR number 656) to allow forcing HTTP/2.
Specifically, I’m looking at hosting Zitadel, which uses grpc-web. I have it running and can sign in, but as soon as the grpc-web calls go out I start getting 404s back. My understanding was that the whole point of grpc-web was to look like regular traffic, and then a proxy will translate it to gRPC when it arrives at some origin that can send true gRPC requests. If that’s the case, I don’t understand how it’s possible to not support it unless one of the headers is being filtered out.
In the case that I misunderstood what grpc-web is (and it actually needs h2/h2c), could I have a self-signed cert on my server so that the last hop between cloudflared and Zitadel is supported?
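
The grpc-web body framing referred to in the question, as an added example that is not part of the original post: each frame is a flag byte, a 4-byte big-endian length and a payload, with trailers such as `grpc-status` carried in a final body frame. The helper names and sample bytes are constructed for illustration; `classify` only separates a framed grpc-web response from a plain HTTP one (such as an HTML 404) by its `Content-Type`.

```python
import struct

# gRPC-Web framing: 1 flag byte, 4-byte big-endian length, then the payload.
# Flag bit 0x80 marks the trailers frame, whose payload is HTTP/1-style
# "name: value" lines (grpc-status, grpc-message) carried inside the body.
TRAILER_FLAG = 0x80


def encode_frame(payload: bytes, trailers: bool = False) -> bytes:
    flag = TRAILER_FLAG if trailers else 0x00
    return struct.pack(">BI", flag, len(payload)) + payload


def decode_body(body: bytes):
    """Split an application/grpc-web(+proto) body into (messages, trailers)."""
    messages, trailers, pos = [], {}, 0
    while pos < len(body):
        if len(body) - pos < 5:
            raise ValueError("truncated frame header")
        flag, length = struct.unpack_from(">BI", body, pos)
        pos += 5
        payload = body[pos:pos + length]
        if len(payload) != length:
            raise ValueError("truncated frame payload")
        pos += length
        if flag & TRAILER_FLAG:
            for line in payload.decode("ascii").split("\r\n"):
                if line:
                    name, _, value = line.partition(":")
                    trailers[name.strip().lower()] = value.strip()
        else:
            messages.append(payload)
    return messages, trailers


def classify(status: int, content_type: str, body: bytes) -> str:
    """Report whether a response body is grpc-web framed or plain HTTP."""
    if not content_type.lower().startswith("application/grpc-web"):
        return f"not grpc-web: HTTP {status}, Content-Type {content_type!r}"
    msgs, trailers = decode_body(body)
    # grpc-status may instead be in the HTTP headers (trailers-only response).
    return f"grpc-web: {len(msgs)} message(s), grpc-status={trailers.get('grpc-status')}"


# Constructed sample: one message frame followed by a trailers frame.
SAMPLE_BODY = encode_frame(b"\x0a\x03abc") + encode_frame(b"grpc-status:0\r\n", trailers=True)

if __name__ == "__main__":
    print(classify(200, "application/grpc-web+proto", SAMPLE_BODY))
    print(classify(404, "text/html", b"<html>Not Found</html>"))
```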