Skip to main content

gRPC Settings

Pomerium's gRPC settings apply to internal communication between:

These settings have no effect on gRPC traffic proxied on a regular Pomerium route.

gRPC Address

gRPC Address specifies the IP address and port for the internal gRPC service to listen on.

How to configure

Config file keysEnvironment variablesTypeDefault
grpc_addressGRPC_ADDRESSstring:5443 in all-in-one mode
:443 in split service mode

Examples

grpc_address: :8443
GRPC_ADDRESS=:8443

gRPC Client DNS RoundRobin

gRPC Client DNS RoundRobin enables DNS-based round-robin load balancing. This method uses DNS to resolve endpoints and distributes load balancing of all addresses returned by the DNS record client side. Do not disable unless you have a specific use case.

How to configure

Config file keysEnvironment variablesTypeDefault
grpc_client_dns_roundrobinGRPC_CLIENT_DNS_ROUNDROBINbooleantrue

Examples

grpc_client_dns_roundrobin: false
GRPC_CLIENT_DNS_ROUNDROBIN=false

gRPC Client Timeout

gRPC Client Timeout sets the maximum time before canceling an upstream gRPC request. During transient failures, the proxy will retry upstream servers for this duration. You should leave this high enough to handle backend service restart and rediscovery so that client requests do not fail.

How to configure

Config file keysEnvironment variablesTypeDefault
grpc_client_timeoutGRPC_CLIENT_TIMEOUTstring (Go Duration formatting)10s

Examples

grpc_client_timeout: 15s
GRPC_CLIENT_TIMEOUT=15s

gRPC Insecure

gRPC Insecure disables transport security (TLS) for internal gRPC communication.

How to configure

Config file keysEnvironment variablesTypeDefault
grpc_insecureGRPC_INSECUREbooleantrue in all-in-one mode
false in split service mode

Examples

grpc_insecure: false
GRPC_INSECURE=false