gRPC¶
gRPC is a data channel type in GOST.
TLS Certificate Configuration
For TLS configuration, please refer to TLS configuration。
With TLS¶
gRPC tunnel use TLS encryption by default.
Without TLS¶
Enable plaintext gRPC tunnel via grpc.insecure
option.
Options¶
Custom Request Hostname¶
By default, the client uses the node address (-F parameter or the address specified in nodes.addr) as the request hostname (:authority
header). The request hostname can be customized through host
option.
Custom Request Path¶
The request path can be customized via path
option, the default value is /GostTunel/Tunnel
.
Path Matching Verification
The connection can be successfully established only when the path
option set by the client and the server are the same.
Server
Client
Keep-Alive¶
The client and server can each control the sending of heartbeats through several options.
Client
services:
- name: service-0
addr: :8080
handler:
type: http
chain: chain-0
listener:
type: tcp
chains:
- name: chain-0
hops:
- name: hop-0
nodes:
- name: node-0
addr: :8443
connector:
type: http
dialer:
type: grpc
metadata:
keepalive: true
keepalive.time: 30s
keepalive.timeout: 30s
keepalive.permitWithoutStream: true
Server
keepalive
(bool, default=false)- Whether to enable keep-alive.
keepalive.time
(duration, default=30s)- When the idle time exceeds this set value, a heartbeat packet is sent.
keepalive.timeout
(duration, default=30s)- The duration of waiting for a heartbeat response.
keepalive.permitWithoutStream
(bool, default=false)- Whether to allow sending heartbeat packets in idle state. Note: When the client turns on this option, the server should also turn it on at the same time, otherwise the server will forcibly close the current connection.
keepalive.minTime
(duration, default=30s)- The minimum waiting time before the client sends a heartbeat packet. Only valid on the server side.
keepalive.maxConnectionIdle
(duration, default=5m)- When the connection is idle for more than this time, the connection will be closed. Only valid on the server side.
Use With Caution
The keep-alive mechanism of gRPC requires cooperation between the client and the server. If the parameters are set incorrectly, connection abnormalities may occur. It is recommended to read the official documentation before using it.
Proxy¶
gRPC tunnel can be used in combination with various proxy protocols.
HTTP Over gRPC¶
SOCKS5 Over gRPC¶
Relay Over gRPC¶
Port Forwarding¶
gRPC tunnel can also be used as port forwarding.
Server
is equivalent to
By using port forwarding of the gRPC tunnel, a gRPC data channel is added to the SOCKS5 proxy service on port 1080.
At this time, port 8443 is equivalent to: