To enable TLS on the server, the following files are required:
certificates/server.pem the certificate chain for the server in in PEM
format
certificates/server.key the private key for the server certificate chain
certificates/trusted_client_roots.pem the root certificates that are
trusted when authenticating clients
The set of trusted client root certificates is used when authenticating the
client. You can choose to obtain this set of trusted roots from an authority
like Mozilla or install the set of
roots currently recommended by the Google Internet Authority
G2. In the latter case, you may have to
manually update the root certificate at times.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-20 UTC."],[[["\u003cp\u003eThis guide outlines the necessary steps to set up a Ruby-based gRPC server, including the required gems: \u003ccode\u003egoogle-protobuf\u003c/code\u003e and \u003ccode\u003egrpc\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eYou'll need to download the service definition file (\u003ccode\u003ebooking_service.proto\u003c/code\u003e) and organize it within a specific directory structure that includes \u003ccode\u003ecertificates\u003c/code\u003e, \u003ccode\u003elib\u003c/code\u003e, \u003ccode\u003eprotos\u003c/code\u003e, and \u003ccode\u003eserver.rb\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eGenerating the necessary Ruby libraries from the service definition file using the \u003ccode\u003egrpc_tools_ruby_protoc\u003c/code\u003e command is required to implement the server.\u003c/p\u003e\n"],["\u003cp\u003eThe server can be initially tested without TLS using the command \u003ccode\u003eruby server.rb --disable_tls\u003c/code\u003e, but this is not recommended for production environments.\u003c/p\u003e\n"],["\u003cp\u003eEnabling TLS in production requires configuring the server with \u003ccode\u003eserver.pem\u003c/code\u003e, \u003ccode\u003eserver.key\u003c/code\u003e, and \u003ccode\u003etrusted_client_roots.pem\u003c/code\u003e files within the \u003ccode\u003ecertificates\u003c/code\u003e directory, to ensure secure communication.\u003c/p\u003e\n"]]],["The implementation requires the `google-protobuf` and `grpc` gems. Download the service definition, create the specified directory structure, and generate Ruby libraries using `grpc_tools_ruby_protoc`. TLS can be initially disabled using `--disable_tls` for testing. Production requires `server.pem`, `server.key`, and `trusted_client_roots.pem` within the certificates directory for TLS. The `trusted_client_roots.pem` may come from an authority like Mozilla or Google Internet Authority G2.\n"],null,["Prerequisites\n\nGems required for the server implementation:\n\n- google-protobuf (3.2.X used in this tutorial)\n- grpc (1.2.X used in this tutorial)\n\nDownload the [service definition](https://dl.google.com/mapsbooking/apitemplate/v1alpha/booking_service.proto) and create this directory structure: \n\n [base_dir]\n ├── certificates\n ├── lib\n ├── protos\n └── booking_service.proto\n └── server.rb\n\nGenerate Ruby libraries from the interface description: \n\n $ cd [base_dir]\n $ grpc_tools_ruby_protoc -I protos --ruby_out=lib --grpc_out=lib protos/booking_service.proto\n\nImplement the server\n\nIf you need the skeleton code, ask a Google POC.\n\nTest the server without TLS\n\nFor initial testing, TLS can be disabled: \n\n $ cd [base_dir]\n $ ruby server.rb --disable_tls\n\nThis is unsuitable for production use!\n\nConfigure production certificates\n\nTo enable TLS on the server, the following files are required:\n\n- `certificates/server.pem` the certificate chain for the server in in PEM format\n- `certificates/server.key` the private key for the server certificate chain\n- `certificates/trusted_client_roots.pem` the root certificates that are trusted when authenticating clients\n\nThe set of trusted client root certificates is used when authenticating the\nclient. You can choose to obtain this set of trusted roots from an authority\nlike [Mozilla](https://wiki.mozilla.org/CA:IncludedCAs) or install the [set of\nroots currently recommended by the Google Internet Authority\nG2](https://pki.goog/roots.pem). In the latter case, you may have to\nmanually update the root certificate at times.\n\nFinal directory structure \n\n [base_dir]\n ├── certificates\n ├── server.pem\n ├── server.key\n └── trusted_client_roots.pem\n ├── lib\n ├── booking_service_pb.rb\n └── booking_service_services_pb.rb\n ├── protos\n └── booking_service.proto\n └── server.rb"]]