search

gdong42 / grpc-mate

A dynamic proxy server that translates JSON HTTP requests into gRPC calls.
https://grpcmate.io
Apache License 2.0
75 stars 9 forks source link

TLS handshake errors (gRPC requires TLS) #12

Open TinosNitso opened 2 years ago

TinosNitso commented 2 years ago

I keep getting the following error from my gRPC server:

2022/07/10 16:42:10 http: TLS handshake error from 172.22.224.1:60652: tls: first record does not look like a TLS handshake

Any chance of TLS being supported in the future? I'm not sure what I'll try next. I've been using grpc-mate from within Docker.

michaelschuett-tomtom commented 3 months ago

This depends on what kind of encryption you are using however if your using a TLS cert that is valid such as with lets encrypt the following patch will work.

diff --git a/main.go b/main.go
index 8745197..42a01f1 100644
--- a/main.go
+++ b/main.go
@@ -1,6 +1,7 @@
 package main

 import (
+       "crypto/tls"
        "fmt"
        "net"
        "os"
@@ -12,6 +13,7 @@ import (
        "github.com/gdong42/grpc-mate/log"
        "github.com/kelseyhightower/envconfig"
        "google.golang.org/grpc"
+       "google.golang.org/grpc/credentials"
 )

 // EnvConfig has all Environment variables that grpc-mate reads
@@ -43,7 +45,9 @@ func main() {
        grpcAddr := fmt.Sprintf("%s:%d", env.GrpcServerHost, env.GrpcServerPort)
        logger.Info("Connecting to gRPC service...", zap.String("grpc_addr", grpcAddr))

-       conn, err := grpc.Dial(grpcAddr, grpc.WithInsecure())
+       config := &tls.Config{}
+
+       conn, err := grpc.Dial(grpcAddr, grpc.WithTransportCredentials(credentials.NewTLS(config)))
        if err != nil {
                logger.Fatal("Could not connect to gRPC service", zap.String("grpc_addr", grpcAddr))
        }