id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
1562	grpc with ssl self-signed certificates fail	talkingtab@…		"I folllowed this article to enable grpc: https://www.nginx.com/blog/nginx-1-13-10-grpc/
WIthout ssl I can get grpc to work with nginx.
I can use self-signed certificates and grpc to work to the server directly instead of using nginx. So I know the certificates are good and I know the client is good. When I switch and use nginx, same client, I get an error:
Handshake failed with fatal error SSL_ERROR_SSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number.

--- nginx config
server {
        listen 80;
        listen [::]:80;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name ootgroups.com www.ootgroups.com;
        location / {
                try_files $uri $uri/ =404;
        }
}
server {
        listen 50052 http2;
        server_name ootgroups.com;
        ssl_certificate         /other/clones/grpc/certs/out/ootgroups.com.crt;
        ssl_certificate_key     /other/clones/grpc/certs/out/ootgroups.com.key;
        location /helloworld.Greeter {
                grpc_pass grpc://localhost:50051; #uses h2 with TLS
        }
}
If I remove the ssl_certificate lines and run a client without ssl it works just fine. 
--- client.js
'use strict';
const fs = require('fs');
const grpc = require('grpc');

var PROTO_PATH = __dirname + '/helloworld.proto';
var hello_proto = grpc.load(PROTO_PATH).helloworld;
const PORT = 50052;
const cacert = fs.readFileSync('../certs/out/ootkey.com.crt'),
       cert = fs.readFileSync('../certs/out/kbxclient.crt'),
       key = fs.readFileSync('../certs/out/kbxclient.key'),
       kvpair = {
          'private_key': key,
          'cert_chain': cert
      };
// const creds = grpc.credentials.createSsl(cacert, key, cert);
// const client = new hello_proto.Greeter(`ootgroups.com:${PORT}`, creds);
// console.log(""secure connection established with gRPC server"");
const client = new hello_proto.Greeter(`ootgroups.com:${PORT}`, grpc.credentials.createInsecure());

hello();

function printResponse(error, response) {
    if (error)
        console.log('Error: ', error);
    else
        console.log(response);
}

function hello() {
    client.sayHello({name: ""world""}, function(error, response) {
        printResponse(error, response);
        console.log('Greeting:', response.message);
    });
}"	defect	closed	minor		other	1.14.x	invalid			Linux toy 4.4.0-127-generic #153-Ubuntu SMP Sat May 19 10:58:46 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux	"nginx version: nginx/1.14.0
"