I posted this on StackOverflow, but wanted to post it here too in case any of the experts here might be able to help; apologies if that's not the right way to do this.
Anyway, I'm building a GRPC-enabled service that handles API requests from a ReactJS frontend using Envoy as a proxy. All services are currently running on my local machine for development.
Everything is running fine without TLS, and now I'm trying to configure a more secure connection between all services.
I added TLS to the backend GRPC service using self-signed certificates using the following Java code:
Backend server code
    // Server certificate and private key, loaded from the classpath
    InputStream serverCertInputStream = getClass().getClassLoader().getResourceAsStream("localhost/server.crt");
    InputStream privateKeyInputStream = getClass().getClassLoader().getResourceAsStream("localhost/server.pem");
    ServerCredentials creds = TlsServerCredentials.create(serverCertInputStream, privateKeyInputStream);
    // gRPC server with TLS credentials, a JWT authorization interceptor and reflection
    server = Grpc.newServerBuilderForPort(this.port, creds)
        .addService(
            ServerInterceptors.intercept(
                new ApiServiceImplementer(),
                new AuthorizationInterceptor(ApiServiceConfig.getJwtIssuer(), ApiServiceConfig.getJwtAudience(), PublicKeyContainer.DefaultAuth0PublicRsaKeyForDevelopment)
            ))
        .addService(ProtoReflectionService.newInstance())
        .build();
This is working fine, which I verified by using a few other backend Java services as test clients, which could successfully reach this service without going through Envoy.
However, after updating my Envoy config to include the necessary updates for TLS (full config below), I keep running into issues.
I haven't been able to get any of my frontend requests to get past Envoy and sent to the backend GRPC server.
    code: 14
    message: "Http response at 400 or 500 level, http status code: 503"
    metadata: {}
    stack: "Error: Http response at 400 or 500 level, http status code: 503\n at new E (https://localhost:8080/static/js/bundle.js:45550:13)
Here is a list of things I've tried so far:
Removing the http2_protocol_options
Adding the self-signed certs to my local keychain (I'm using a Mac)
Continuously tweaking parts of my Envoy config based on research online; the latest version is what you see above (you can see areas where I've commented things out)
Once this is working, I'd expect to see a successful response from the GRPC server to the frontend just like in the scenario where there is no TLS involved.
Does anyone have any ideas on what might be the cause here? Definitely getting to a point where I'm low on ideas and things to try. Apologies if the answer is obvious; I haven't done much with SSL/Envoy before.
Here is my Envoy config:
Here's the command I'm using to launch Envoy on Docker:
Here's my Dockerfile:
And here is the exact error I'm getting from my local frontend:
https://localhost:8079/com.locusive.api_service.v1.ApiService/GetUser 503 (Service Unavailable)
Thanks so much for the help!