# gRPC Endpoints

<img src="https://mintcdn.com/aptible/2c_c-XH-dAzVOaDu/images/ccfd24b-tls-endpoints.png?fit=max&auto=format&n=2c_c-XH-dAzVOaDu&q=85&s=7358d127473451d0a602a354f7e57f3e" alt="Image" width="1280" height="720" data-path="images/ccfd24b-tls-endpoints.png" />

gRPC Endpoints can be created using the [`aptible endpoints:grpc:create`](/reference/aptible-cli/cli-commands/cli-endpoints-grpc-create) command.

<Warning>Like TCP/TLS endpoints, gRPC endpoints do not support [Endpoint Logs](/core-concepts/apps/connecting-to-apps/app-endpoints/https-endpoints/endpoint-logs).</Warning>

# Traffic

gRPC Endpoints terminate TLS traffic and transfer it as plain TCP to your app.

# Container Ports

gRPC Endpoints are configured similarly to [TLS Endpoints](/core-concepts/apps/connecting-to-apps/app-endpoints/tls-endpoints).

The Endpoint will listen for encrypted gRPC traffic on exposed ports and transfer it as plain gRPC traffic to your app over the same port. For example, if your [Image](/core-concepts/apps/deploying-apps/image/overview) exposes port `123`, the Endpoint will listen for gRPC traffic on port `123`, and forward it as plain gRPC traffic to your app [Containers](/core-concepts/architecture/containers/overview) on port `123`.

<Tip>Unlike [TLS Endpoints](/core-concepts/apps/connecting-to-apps/app-endpoints/tls-endpoints), gRPC Endpoints DO provide [Zero-Downtime Deployment](/core-concepts/apps/connecting-to-apps/app-endpoints/https-endpoints/overview#zero-downtime-deployment).</Tip>

# Zero-Downtime Deployment / Health Checks

gRPC endpoints provide [Zero-Downtime Deployment](/core-concepts/apps/connecting-to-apps/app-endpoints/https-endpoints/overview#zero-downtime-deployment) by leveraging [gRPC Health Checking](https://grpc.io/docs/guides/health-checking/).
Specifically, Aptible calls `Health.Check` from [health/v1](https://github.com/grpc/grpc-proto/blob/master/grpc/health/v1/health.proto) against your service with an empty service name, and only continues with the deploy if your application responds with `SERVING`.

<Warning>When implementing the health service, please ensure you register your service with a blank name, as this is what Aptible looks for.</Warning>

# Idle Timeout

gRPC Endpoints enforce an idle timeout on connections. By default, the inactivity timeout is 60 seconds. You can configure a different timeout per endpoint:

```shell
aptible endpoints:grpc:modify --app "$APP_HANDLE" "$ENDPOINT_HOSTNAME" --idle-timeout 1200
```

In Terraform, set `idle_timeout` on the `aptible_endpoint` resource (see [Endpoint Settings](/reference/terraform#endpoint-settings)).

<Warning>**Migrating from environment variables:** `IDLE_TIMEOUT` was previously set as an app configuration variable. Once your endpoints are configured, unset it from your app using `aptible config:unset`.</Warning>

# SSL / TLS Settings

Aptible offers a few ways to configure the protocols used by gRPC endpoints for TLS termination.

# SSL Protocols Override

The SSL Protocols Override setting lets you customize the SSL/TLS protocols allowed on your Endpoint.

* For gRPC Endpoints, you can choose from these combinations:
  * `TLSv1 TLSv1.1 TLSv1.2` (default)
  * `TLSv1.1 TLSv1.2`
  * `TLSv1.2`
  * `TLSv1.3`

# SSL Ciphers Override

This setting lets you customize the SSL ciphers used by your Endpoint.

The format is a string accepted by Nginx for its [ssl\_ciphers directive](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers).

Pay very close attention to the required format, as a bad value will prevent the proxies from starting.

# Disable Weak Cipher Suites

Enabling this setting causes your Endpoint to stop accepting traffic over the `SSLv3` protocol or using the `RC4` cipher.

We strongly recommend enabling this on all gRPC Endpoints.
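
A pre-flight check for the SSL Protocols Override and SSL Ciphers Override values described above, so a malformed value is caught before it reaches the proxies. This is an added example, not Aptible's code: `check_protocols` and `check_ciphers` are hypothetical helper names, and the cipher check assumes a local `openssl` binary whose build may support a different cipher set than the Endpoint's proxy.

```shell
#!/usr/bin/env bash
# Added example; check_protocols and check_ciphers are hypothetical helpers,
# not part of the Aptible CLI.

# Validate an SSL Protocols Override value against the combinations listed
# for gRPC Endpoints.
# Returns 0 = listed, TLSv1.2 or newer only; 1 = listed, but includes
# TLSv1 or TLSv1.1; 2 = not a listed combination.
check_protocols() {
  case "$1" in
    "TLSv1.2" | "TLSv1.3")
      return 0 ;;
    "TLSv1 TLSv1.1 TLSv1.2" | "TLSv1.1 TLSv1.2")
      echo "warning: '$1' still allows TLS versions older than 1.2" >&2
      return 1 ;;
    *)
      echo "error: '$1' is not a listed combination" >&2
      return 2 ;;
  esac
}

# Parse an SSL Ciphers Override value the way OpenSSL would (Nginx passes the
# ssl_ciphers string to OpenSSL).
# Returns 0 = parses, no RC4; 1 = parses but selects RC4 suites;
# 2 = rejected by OpenSSL; 3 = no local openssl binary to check with.
check_ciphers() {
  command -v openssl >/dev/null 2>&1 || { echo "error: openssl not found" >&2; return 3; }
  if ! _expanded=$(openssl ciphers "$1" 2>/dev/null) || [ -z "$_expanded" ]; then
    echo "error: OpenSSL rejects cipher string '$1'" >&2
    return 2
  fi
  case "$_expanded" in
    *RC4*)
      echo "warning: '$1' selects RC4 suites" >&2
      return 1 ;;
  esac
  return 0
}
```

Run both checks on the intended values and apply the override only when neither returns `2`; a return of `1` means the value is accepted but weaker than it needs to be.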

# Examples

## Set Idle Timeout

```shell
aptible endpoints:grpc:modify --app "$APP_HANDLE" "$ENDPOINT_HOSTNAME" --idle-timeout 1200
```

## Set SSL Protocols Override

```shell
aptible endpoints:grpc:modify --app "$APP_HANDLE" "$ENDPOINT_HOSTNAME" \
        --ssl-protocols-override "TLSv1.1 TLSv1.2"
```

## Disable Weak Cipher Suites

```shell
aptible endpoints:grpc:modify --app "$APP_HANDLE" "$ENDPOINT_HOSTNAME" \
        --disable-weak-cipher-suites
```

In Terraform, set `ssl_protocols_override`, `ssl_ciphers_override`, and `disable_weak_cipher_suites` on the `aptible_endpoint` resource (see [Endpoint Settings](/reference/terraform#endpoint-settings)).

<Warning>**Migrating from environment variables:** `SSL_PROTOCOLS_OVERRIDE`, `SSL_CIPHERS_OVERRIDE`, and `DISABLE_WEAK_CIPHER_SUITES` were previously set as app configuration variables. Once your endpoints are configured, unset them from your app using `aptible config:unset`.</Warning>
