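# Generates a throwaway test PKI for the gRPC mutual-TLS demo: one CA, one
# server certificate and one client certificate, all written to ./certs.
#
# The pass phrase "1111" is a test value. It is given on the command line, so
# it is visible in the process list and shell history; for anything beyond a
# local demo use a pass phrase source such as file: or env: instead of pass:.

# Stop at the first failing command so a failed mkdir/cd cannot leave the
# remaining commands writing keys into the wrong directory.
set -e

echo "Creating certs folder ..."
mkdir -p certs
cd certs

echo "Generating certificates ..."

# CA: pass-phrase-protected 4096-bit key and a self-signed certificate (365 days).
openssl genrsa -passout pass:1111 -des3 -out ca.key 4096
openssl req -passin pass:1111 -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=CL/ST=RM/L=Santiago/O=Test/OU=Test/CN=ca"

# Server: key, CSR, then a certificate signed by the CA.
# NOTE(review): only the subject CN carries the host name; no subjectAltName is
# set. TLS stacks that ignore the CN will not match this certificate to
# grpc.local.com; a SAN can be supplied through -extfile if that is needed.
openssl genrsa -passout pass:1111 -des3 -out server.key 4096
openssl req -passin pass:1111 -new -key server.key -out server.csr -subj "/C=CL/ST=RM/L=Santiago/O=Test/OU=Server/CN=grpc.local.com"
openssl x509 -req -passin pass:1111 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

# Strip the pass phrase so the server can load the key unattended.
# From here on server.key is stored unencrypted.
openssl rsa -passin pass:1111 -in server.key -out server.key

# Client: same procedure. The serial number must differ from the server
# certificate's, because an issuer may not reuse a serial number.
openssl genrsa -passout pass:1111 -des3 -out client.key 4096
openssl req -passin pass:1111 -new -key client.key -out client.csr -subj "/C=CL/ST=RM/L=Santiago/O=Test/OU=Client/CN=grpc.local.com"
openssl x509 -passin pass:1111 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt

# Strip the pass phrase from the client key as well (stored unencrypted).
openssl rsa -passin pass:1111 -in client.key -out client.key

# The leaf keys are now plaintext and the CA key is guarded only by the test
# pass phrase, so keep all three readable by the owner only.
chmod 600 ca.key server.key client.key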
// Greeter client: calls SayHello over TLS and presents a client certificate.
const fs = require("fs");
const grpc = require("sgm-grpc");
const protoLoader = require("@grpc/proto-loader");

const PROTO_PATH = __dirname + "/protos/helloworld.proto";

// Options handed to proto-loader when parsing the .proto file.
const LOADER_OPTIONS = {
  keepCase: true,
  longs: String,
  enums: String,
  defaults: true,
  oneofs: true
};

const packageDefinition = protoLoader.loadSync(PROTO_PATH, LOADER_OPTIONS);
const hello_proto = grpc.loadPackageDefinition(packageDefinition).helloworld;

/**
 * Builds TLS channel credentials from the generated test certificates, sends
 * one SayHello request with two custom metadata entries, and logs the reply
 * and the metadata returned by the server.
 */
function main() {
  // Reads a PEM file relative to this script's directory.
  const readPem = (relPath) => fs.readFileSync(__dirname + relPath);

  // Passed to createSsl in this order: CA certificate used to verify the
  // server, then the client's private key, then the client's certificate.
  // NOTE(review): client.key is read from disk unencrypted; keep it readable
  // by the owner only.
  const rootCa = readPem("/script/certs/ca.crt");
  const clientKey = readPem("/script/certs/client.key");
  const clientCert = readPem("/script/certs/client.crt");
  const credentials = grpc.credentials.createSsl(rootCa, clientKey, clientCert);

  // Alternative target that goes through nginx. When nginx is in front, the
  // server side runs without SSL and the SSL check happens in nginx only.
  // NOTE(review): the author's note gives port 1433 here, while the nginx
  // config shown on this page listens on 1443 - confirm which one is meant.
  // var client = new hello_proto.Greeter("grpc.local.com:1433", credentials);
  const client = new hello_proto.Greeter("grpc.local.com:50051", credentials);

  // Custom request metadata (headers) sent with the call.
  const metadata = new grpc.Metadata();
  metadata.set("hk-ey", "h_value");
  metadata.set("header", "header1111");

  // Logs the error if the call failed, otherwise the reply's message field.
  const onReply = (err, response) => {
    if (err) {
      console.log(err);
      return;
    }
    console.log("返回内容:", response.message);
  };

  const call1 = client.sayHello({ name: "user" }, metadata, onReply);

  // Metadata sent back by the server arrives as a separate event.
  call1.on("metadata", (msg) => {
    console.log("返回头部", msg);
  });
}

main();
// Greeter server: serves SayHello over TLS using the generated test certificates.
const fs = require("fs");
const grpc = require("sgm-grpc");
const protoLoader = require("@grpc/proto-loader");

const PROTO_PATH = __dirname + "/protos/helloworld.proto";

// Options handed to proto-loader when parsing the .proto file.
const LOADER_OPTIONS = {
  keepCase: true,
  longs: String,
  enums: String,
  defaults: true,
  oneofs: true
};

const packageDefinition = protoLoader.loadSync(PROTO_PATH, LOADER_OPTIONS);
const hello_proto = grpc.loadPackageDefinition(packageDefinition).helloworld;

/**
 * Handler for the SayHello RPC: logs the request metadata, sends one response
 * metadata entry, and replies with a message built from the request's name.
 *
 * @param {object} call - the incoming call; `metadata` and `request.name` are read.
 * @param {function} callback - invoked as callback(null, { message }).
 */
function sayHello(call, callback) {
  // NOTE(review): this prints every request header. If callers put tokens or
  // other credentials into metadata, they end up in the log output.
  console.log("头部信息", call.metadata);

  const replyHeaders = new grpc.Metadata();
  replyHeaders.set("callback_key", "callback_value");
  call.sendMetadata(replyHeaders);

  const reply = { message: "server return: " + call.request.name };
  callback(null, reply);
}

/**
 * Starts the Greeter server on port 50051 of all interfaces with SSL server
 * credentials built from ca.crt, server.crt and server.key.
 */
function main() {
  // Reads a PEM file relative to this script's directory.
  const readPem = (relPath) => fs.readFileSync(__dirname + relPath);

  const rootCa = readPem("/script/certs/ca.crt");
  const keyCertPair = {
    cert_chain: readPem("/script/certs/server.crt"),
    private_key: readPem("/script/certs/server.key")
  };

  // The third argument is `true`. In the upstream grpc API that parameter is
  // checkClientCertificate (clients must present a certificate that chains to
  // the CA above) - presumably the same in sgm-grpc; confirm.
  const credentials = grpc.ServerCredentials.createSsl(rootCa, [keyCertPair], true);

  const server = new grpc.Server();
  server.addService(hello_proto.Greeter.service, { sayHello });

  // Author's note: when SSL traffic goes through nginx, the server side should
  // not use the encrypted protocol; getting client, nginx and server to all
  // use encryption has not been made to work yet.
  // NOTE(review): with the insecure variant below the port accepts plaintext
  // on every interface (0.0.0.0), so it must be reachable by the proxy only.
  // server.bind("0.0.0.0:50051", grpc.ServerCredentials.createInsecure());
  server.bind("0.0.0.0:50051", credentials);
  server.start();
}

main();
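# TLS-terminating reverse proxy in front of the gRPC Greeter server.
server {
    # HTTP/2 over TLS, which gRPC clients require.
    listen 1443 ssl http2;
    server_name grpc.local.com;

    # Certificate and key that nginx presents to clients.
    ssl_certificate     /etc/nginx/certs/server.crt;
    ssl_certificate_key /etc/nginx/certs/server.key;

    # Require a client certificate issued by the test CA. Without these two
    # directives nginx only proves its own identity and accepts any client,
    # so no client verification would take place at this hop.
    # Placeholder path: point it at wherever the generated ca.crt is mounted.
    ssl_client_certificate /etc/nginx/certs/ca.crt;
    ssl_verify_client on;

    access_log /etc/nginx/logs/access.log main;
    error_log  /etc/nginx/logs/error.log error;

    location / {
        # grpc:// forwards to the backend in plaintext, so the backend must
        # listen without TLS and port 50051 should be reachable from this
        # proxy only. To keep TLS on this hop, use grpcs:// instead; if the
        # backend demands a client certificate, supply one with
        # grpc_ssl_certificate and grpc_ssl_certificate_key.
        grpc_pass grpc://host.docker.internal:50051;
    }
}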
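注意:nginx 到 server 端无法使用证书;考虑到 nginx 已经使用证书对客户端校验,所以没有继续研究下去。需要留意两点:客户端证书校验只有在 nginx 中配置了 ssl_client_certificate 和 ssl_verify_client on 时才会生效;nginx 到 server 这一段使用 grpc:// 是明文传输,因此 50051 端口应只允许 nginx 访问,不要直接暴露给客户端。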
详细步骤