GRPC server certificate and key are mounted but still not recognized

[MohammadRasheed]

Hi,

I have deployed Nextcloud AIO and configured the nextcloud-aio-talk container manually using Portainer.
I mounted my GRPC server certificate and key inside the container at:
/mnt/certs/grpc.crt
/mnt/certs/grpc.key
I also set the following environment variables:
GRPC_SERVER_CERT=/mnt/certs/grpc.crt
GRPC_SERVER_KEY=/mnt/certs/grpc.key
The files are readable inside the container, and openssl confirms they are valid.

Still, I get this warning in the logs:
grpc_common.go:176: WARNING: No GRPC server certificate and/or key configured, running unencrypted
grpc_common.go:178: WARNING: No GRPC CA configured, expecting unencrypted connections
How can I properly provide the certificates to ensure encrypted gRPC connections?

Thank you in advance for your help!

[szaimen]

Hi, as far as I know, grpc is only needed if you run the talk high-performance-backend in cluster mode, which we are not doing. So you can ignore the warning.

Are you running into a specific problem or why are you trying to configure a grpc certificate?

[MohammadRasheed]

Thank you for the clarification!

I was trying to ensure encrypted internal communication, thinking it was necessary for production hardening.
But if it's not required unless running in cluster mode, that makes sense.
There is no specific issue right now — I just wanted to avoid leaving things unencrypted.

Thanks again for the help!

[MohammadRasheed]

Thank you for the clarification.

Yes, I now understand that the gRPC certificate is only required when using the high-performance backend in cluster mode, with multiple backend nodes communicating securely via gRPC.

Since I’m currently running a single backend instance through Nextcloud AIO, it makes sense that gRPC encryption is not necessary and the warnings can safely be ignored.

I appreciate your guidance!
Just one follow-up question:
Would there be any performance or security benefits to enabling gRPC encryption even in single-instance setups, or is it strictly intended for clustered environments?

Thanks again for your time and support!

Best regards,
Rachid Halabieh