Creating an HTTP router for gRPC traffic

Written by

Yandex Cloud

Improved by

Danila N.

Updated at March 3, 2025

To create an HTTP router and add a route to it:

Management console

CLI

Terraform

API

In the left-hand menu, select HTTP routers.
Click Create HTTP router.
Enter the HTTP router name.
Under Virtual hosts, click Add virtual host.
Enter Name.
In the Authority field, type * or the IP address of the load balancer.
(Optional) In the Security profile field, select the Yandex Smart Web Security security profile. A security profile allows you to set up filtering of incoming requests, enable WAF, and limit the number of requests for protection against malicious activities. For more information, see Security profiles.
Click Add route and select Type: gRPC.
1. Enter Name.
2. In the FQMN field, select one of the options:
  - Starts with to route all requests starting with a specific FQMN. In the input field, specify /<first_word_in_service_name>, e.g., /helloworld.
  - Matches to route all requests matching the specified FQMN.
  - Regular expression to route all requests that satisfy the RE2 regular expression.
  Warning
  
  The FQMN must start with a slash (//) and contain a part of the full name of the service the procedure call is redirected to.
3. In the Action field, select one of the options: Routing or Response. Depending on the selected option:
  - Routing:
    - In the Backend group list, select the name of the backend group from the same folder where you are creating the HTTP router.
    - Optionally, in the Host header rewrite field, select one of these options:
      - none: No rewriting.
      - rewrite: Rewriting to the specified value.
      - auto: Automatic rewriting to the target VM address.
    - (Optional) In the Maximum timeout, sec. field, specify the maximum connection time. The client can specify a grpc-timeout HTTP header with a shorter timeout in the request.
    - (Optional) In the Idle timeout, seconds field, specify the maximum connection keep-alive time with zero data transmission.
  - Response:
    - In the gRPC status code field, select the code to be used for response.
Click Create.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder through the --folder-name or --folder-id parameter.

See the description of the CLI command to create an HTTP router:
```
yc alb http-router create --help
```

Run this command:

yc alb http-router create <HTTP_router_name>

Result:

id: a5dcsselagj4********
name: <HTTP_router_name>
folder_id: aoerb349v3h4********
created_at: "2022-06-16T21:04:59.438292069Z"

View a description of the CLI command for creating a virtual host:
```
yc alb virtual-host create --help
```
Create a virtual host, specifying the name of the HTTP router and the virtual host settings:
```
yc alb virtual-host create <virtual_host_name> \
  --http-router-name <HTTP_router_name> \
  --authority *
  --security-profile-id <security_profile_ID>
```
Where:
- --http-router-name: HTTP router name.
- --authority: Domains for the :authority headers that will be associated with this virtual host. This parameter supports wildcards, e.g., *.foo.com or *-bar.foo.com.
- --security-profile-id (optional): ID of the Yandex Smart Web Security security profile. A security profile allows you to set up filtering of incoming requests, enable WAF, and limit the number of requests for protection against malicious activities. For more information, see Security profiles.
Result:
```
done (1s)
name: <virtual_host_name>
authority:
- *
```
View a description of the CLI command for adding a host:
```
yc alb virtual-host append-grpc-route --help
```
Add a route, specifying the HTTP router ID or name and the routing parameters:
```
yc alb virtual-host append-grpc-route <route_name> \
  --virtual-host-name <virtual_host_name> \
  --http-router-name <HTTP_router_name> \
  --prefix-fqmn-match / \
  --backend-group-name <backend_group_name> \
  --request-max-timeout 60s
```
Where:
- --virtual-host-name: Virtual host name.
- --http-router-name: HTTP router name.
- --prefix-fqmn-match: Parameter to route all requests with a specific prefix. The parameter should be followed by FQMN / .
  
  To specify a routing condition, you can also use the following options:
  - --exact-fqmn-match to route all requests matching the specified FQMN. The parameter should be followed by /<FQMN>/.
  - --regex-fqmn-match to route all requests that satisfy the RE2 regular expression. Specify /<regular_expression> following the parameter.
- --backend-group-name: Backend group name.
- --request-max-timeout: Maximum request idle timeout in seconds. The client can specify a grpc-timeout HTTP header with a shorter timeout in the request.
For more information about the yc alb virtual-host append-grpc-route command parameters, see the CLI reference.

Result:
```
done (1s)
name: <virtual_host_name>
authority:
- *
routes:
- name: <route_name>
  grpc:
   match:
     fqmn:
      prefix_match: /helloworld
   route:
     backend_group_id: ds7snban2dvn********
     max_timeout: 60s
```

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the documentation on the Terraform website or mirror website.

If you don't have Terraform, install it and configure the Yandex Cloud provider.

In the configuration file, specify the parameters of the HTTP router and virtual host:
```
resource "yandex_alb_http_router" "tf-router" {
  name          = "<HTTP_router_name>"
  labels        = {
    tf-label    = "tf-label-value"
    empty-label = ""
  }
}

resource "yandex_alb_virtual_host" "my-virtual-host" {
  name                    = "<virtual_host_name>"
  http_router_id          = yandex_alb_http_router.tf-router.id
  route {
    name                  = "<route_name>"
    grpc_route {
      grpc_route_action {
        backend_group_id  = "<backend_group_ID>"
        max_timeout       = "60s"
      }
    }
  }
  route_options {
    security_profile_id   = "<security_profile_ID>"
  }
}
```
Where:
- yandex_alb_http_router: HTTP router description.
  - name: HTTP router name. The name should match the following format:
    - It must be 2 to 63 characters long.
    - It may contain lowercase Latin letters, numbers, and hyphens.
    - It must start with a letter and cannot end with a hyphen.
  - labels: HTTP router labels. Specify a key-value pair.
- yandex_alb_virtual_host: Virtual host description:
  - name: Virtual host name. The name should match the following format:
    - It must be 2 to 63 characters long.
    - It may contain lowercase Latin letters, numbers, and hyphens.
    - It must start with a letter and cannot end with a hyphen.
  - http_router_id: HTTP router ID.
  - route: HTTP router route description:
    - name: Route name.
    - grpc_route: Description of the route for gRPC traffic:
      - grpc_route_action: Parameter to specify an action with gRPC traffic.
        
        backend_group_id: Backend group ID.
        
        max_timeout: Maximum request idle timeout in seconds. The client can specify a grpc-timeout HTTP header with a shorter timeout in the request.
  - route_options (optional): Additional parameters of the virtual host:
    - security_profile_id: ID of the Yandex Smart Web Security security profile. A security profile allows you to set up filtering of incoming requests, enable WAF, and limit the number of requests for protection against malicious activities. For more information, see Security profiles.
For more information about the properties of Terraform resources, see these Terraform guides:
- yandex_alb_http_router resource
- yandex_alb_virtual_host resource
Create the resources
1. In the terminal, change to the folder where you edited the configuration file.
2. Make sure the configuration file is correct using the command:
```
terraform validate
```
  If the configuration is correct, the following message is returned:
```
Success! The configuration is valid.
```
3. Run the command:
```
terraform plan
```
  The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
4. Apply the configuration changes:
```
terraform apply
```
5. Confirm the changes: type yes in the terminal and press Enter.
Terraform will create all the required resources. You can check the new resources and their settings using the management console or this CLI command:
```
yc alb http-router get <HTTP_router_name>
```

Use the create REST API method for the HttpRouter resource or the HttpRouterService/Create gRPC API call.

Creating an HTTP router for gRPC traffic

Was the article helpful?