Is gRPC without TLS proxied or blocked?

I have a service listening for gRPC requests on both unsecured and TLS ports. I have an A record with proxy that correctly forwards TLS calls to my service, however the non-TLS connection just hangs.
I can access both by using the IP directly, so my setup works. I’m wondering if non-TLS gRPC is blocked altogether from DNS. I’m running TLS on port 443 (required by CF) and non-TLS on 80.

Hm, may I also ask is the gRPC option enabled at Cloudflare dashboard for your domain name?

Kindly, to check navigate to Network tab → scroll down to find section gRPC and see if it is enabled or disabled.

Just in case regarding the SSL, here is a way to re-check if you correctly setup the SSL for your domain with Cloudflare:

In case you do not have an SSL certificate, you can use Cloudflare SSL, if so, kindly make sure you follow the instructions as follows on the below article to setup an SSL certificate using Cloudflare Origin CA Certificate:

Last but not least, kindly have a look here for more information regarding correct SSL settings:

My understanding is that gRPC only runs over HTTP/2, and Cloudflare only support HTTP/2 over TLS, so combining the two probably means that gRPC must be over TLS.

3 Likes

That makes a lot of sense. Yes, gRPC runs over HTTP/2 only, I wasn’t aware that CF only allows TLS traffic over HTTP/2. Thanks, that certainly clears things up.
I suppose to get around this, I can just make another A record without proxy.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.