Danh Cao

Reputation: 107

Not able to connect to gRPC Server with reverse proxy (HAProxy) from client through SSL

In my project using gRPC Java, I am using OpenSSL to make a secure connection between Client and Server through a reverse proxy (HAProxy).

Since Client and Server interact through a reverse proxy, I only configure SSL for HAProxy; there's no need to do anything with the Server. So:

I managed to run the server successfully and configured SSL at HAProxy. I checked the SSL configuration with https://www.digicert.com/help/ and everything is OK.

The documentation here mentions that the client code for a secure channel is this:

ManagedChannel channel = ManagedChannelBuilder.forAddress("myservice.example.com", 443).build();
GreeterGrpc.GreeterStub stub = GreeterGrpc.newStub(channel);

And this is my code:

channel = ManagedChannelBuilder
        .forAddress(domain, port)
        .usePlaintext(false)
        .build();
interceptChannel = ClientInterceptors.intercept(channel, new ClientHeaderInterceptor());
asyncStub = GatewayServiceGrpc.newStub(channel);
blockingStub = GatewayServiceGrpc.newBlockingStub(interceptChannel);

But the problem is that I can't connect to the Server: there is no response, and it doesn't throw any exception or error at all.

But if I change usePlaintext from false to true (disable TLS) on the client while the proxy still has SSL, then I receive this exception:

io.grpc.StatusRuntimeException: UNAVAILABLE: Network closed for unknown reason
        at io.grpc.Status.asRuntimeException(Status.java:526)
        at io.grpc.stub.ClientCalls$StreamObserverToCallListenerAdapter.onClose(ClientCalls.java:385)
        at io.grpc.ForwardingClientCallListener.onClose(ForwardingClientCallListener.java:41)
        at io.grpc.internal.CensusTracingModule$TracingClientInterceptor$1$1.onClose(CensusTracingModule.java:339)
        at io.grpc.internal.ClientCallImpl.closeObserver(ClientCallImpl.java:443)
        at io.grpc.internal.ClientCallImpl.access$300(ClientCallImpl.java:63)
        at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl.close(ClientCallImpl.java:525)
        at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl.access$600(ClientCallImpl.java:446)
        at io.grpc.internal.ClientCallImpl$ClientStreamListenerImpl$1StreamClosed.runInContext(ClientCallImpl.java:557)
        at io.grpc.internal.ContextRunnable.run(ContextRunnable.java:37)
        at io.grpc.internal.SerializingExecutor.run(SerializingExecutor.java:107)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)

These are the dependencies at the client:

<dependencies>
        <dependency>
            <groupId>io.grpc</groupId>
            <artifactId>grpc-netty</artifactId>
            <version>1.7.0</version>
        </dependency>

        <dependency>
            <groupId>io.grpc</groupId>
            <artifactId>grpc-protobuf</artifactId>
            <version>1.7.0</version>
        </dependency>

        <dependency>
            <groupId>io.grpc</groupId>
            <artifactId>grpc-stub</artifactId>
            <version>1.7.0</version>
        </dependency>

        <dependency>
            <groupId>io.netty</groupId>
            <artifactId>netty-tcnative-boringssl-static</artifactId>
            <version>2.0.6.Final</version>
        </dependency>

        <dependency>
            <groupId>com.lmax</groupId>
            <artifactId>disruptor</artifactId>
            <version>3.3.7</version>
        </dependency>

        <!-- https://mvnrepository.com/artifact/ch.qos.logback/logback-classic -->
        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-classic</artifactId>
            <version>1.2.3</version>
        </dependency>

</dependencies>

I'm using gRPC version 1.7.0.

Upvotes: 1

Views: 3028

Answers (1)

Danh Cao

Reputation: 107

Removing .usePlaintext(false) when creating the channel will solve the problem.

Upvotes: 4
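
Why removing the call works, shown as an added example (not code from the post or from the gRPC project): in grpc-java 1.7.0 the boolean passed to `usePlaintext` is `skipNegotiation`, so `usePlaintext(false)` still selects a cleartext transport and never starts a TLS handshake with the proxy. The class name `TlsChannelFactory` and the optional CA bundle parameter are assumptions; the sketch pins the negotiation type to TLS explicitly using the `grpc-netty` dependency already listed in the question.

```java
import io.grpc.ManagedChannel;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NegotiationType;
import io.grpc.netty.NettyChannelBuilder;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.File;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLException;

/** Added example (hypothetical class name): builds a gRPC channel that can only speak TLS. */
public final class TlsChannelFactory {

    /**
     * @param caBundle PEM file with the CA that signed the proxy certificate,
     *                 or null to use the JVM default trust store
     */
    public static ManagedChannel tlsChannel(String host, int port, File caBundle)
            throws SSLException {
        SslContextBuilder ssl = GrpcSslContexts.forClient(); // sets up ALPN for HTTP/2
        if (caBundle != null) {
            ssl.trustManager(caBundle);
        }
        return NettyChannelBuilder.forAddress(host, port)
                // usePlaintext(false) maps to PLAINTEXT_UPGRADE (cleartext HTTP/1.1
                // upgrade) and usePlaintext(true) maps to PLAINTEXT. Neither enables
                // TLS, so the negotiation type is stated explicitly here.
                .negotiationType(NegotiationType.TLS)
                .sslContext(ssl.build())
                .build();
    }

    public static void main(String[] args) throws Exception {
        // Placeholder endpoint, taken from the documentation snippet quoted in the question.
        ManagedChannel channel = tlsChannel("myservice.example.com", 443, null);
        try {
            // Create stubs from `channel` here. A per-call deadline, e.g.
            // stub.withDeadlineAfter(5, TimeUnit.SECONDS), turns a silent hang
            // into a DEADLINE_EXCEEDED status that can be logged.
        } finally {
            channel.shutdown().awaitTermination(5, TimeUnit.SECONDS);
        }
    }
}
```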
