Skip to main content

Documentation Index

Fetch the complete documentation index at: https://www.aptible.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Image gRPC Endpoints can be created using the aptible endpoints:grpc:create command.
Like TCP/TLS endpoints, gRPC endpoints do not support Endpoint Logs

Traffic

gRPC Endpoints terminate TLS traffic and transfer it as plain TCP to your app.

Container Ports

gRPC Endpoints are configured similarly to TLS Endpoints. The Endpoint will listen for encrypted gRPC traffic on exposed ports and transfer it as plain gRPC traffic to your app over the same port. For example, if your Image exposes port 123, the Endpoint will listen for gRPC traffic on port 123, and forward it as plain gRPC traffic to your app Containers on port 123.
Unlike TLS Endpoints, gRPC Endpoints DO provide Zero-Downtime Deployment.

Zero-Downtime Deployment / Health Checks

gRPC endpoints provide Zero-Downtime Deployment by leveraging gRPC Health Checking. Specifically, Aptible will use health/v1’s Health.Check call against your service, passing in an empty service name, and will only continue with the deploy if your application responds SERVING.
When implementing the health service, please ensure you register your service with a blank name, as this is what Aptible looks for.

Idle Timeout

gRPC Endpoints enforce an idle timeout on connections. By default, the inactivity timeout is 60 seconds. You can configure a different timeout per endpoint: 
aptible endpoints:grpc:modify --app "$APP_HANDLE" "$ENDPOINT_HOSTNAME" --idle-timeout 1200
In Terraform, set idle_timeout on the aptible_endpoint resource (see Endpoint Settings).
Migrating from environment variables: IDLE_TIMEOUT was previously set as an app configuration variable. Once your endpoints are configured, unset it from your app using aptible config:unset.

SSL / TLS Settings

Aptible offers a few ways to configure the protocols used by gRPC endpoints for TLS termination.

SSL Protocols Override

The SSL Protocols Override setting lets you customize the SSL/TLS protocols allowed on your Endpoint.
  • For gRPC Endpoints: you can choose from these combinations:
    • TLSv1 TLSv1.1 TLSv1.2 (default)
    • TLSv1.1 TLSv1.2
    • TLSv1.2
    • TLSv1.3

SSL Ciphers Override

This setting lets you customize the SSL ciphers used by your Endpoint. The format is a string accepted by Nginx for its ssl_ciphers directive. Pay very close attention to the required format, as a bad value will prevent the proxies from starting.

Disable Weak Cipher Suites

Enabling this setting causes your Endpoint to stop accepting traffic over the SSLv3 protocol or using the RC4 cipher. We strongly recommend enabling this on all gRPC Endpoints.

Examples

Set Idle Timeout

aptible endpoints:grpc:modify --app "$APP_HANDLE" "$ENDPOINT_HOSTNAME" --idle-timeout 1200

Set SSL Protocols Override

aptible endpoints:grpc:modify --app "$APP_HANDLE" "$ENDPOINT_HOSTNAME" \
        --ssl-protocols-override "TLSv1.1 TLSv1.2"

Disable Weak Cipher Suites

aptible endpoints:grpc:modify --app "$APP_HANDLE" "$ENDPOINT_HOSTNAME" \
        --disable-weak-cipher-suites
In Terraform, set ssl_protocols_override, ssl_ciphers_override, and disable_weak_cipher_suites on the aptible_endpoint resource (see Endpoint Settings).
Migrating from environment variables: SSL_PROTOCOLS_OVERRIDE, SSL_CIPHERS_OVERRIDE, and DISABLE_WEAK_CIPHER_SUITES were previously set as app configuration variables. Once your endpoints are configured, unset them from your app using aptible config:unset