I'm interfacing from my code with certain third-party software (specifically ChirpStack v4), which provides an API via gRPC. When deployed locally, it answers via HTTP and I get the response all right.

However, in the cluster we have the same server deployed with HTTPS (with a Let's Encrypt certificate, not something private), so I'm trying to add the corresponding transport layer security settings, but to my surprise I then got:

```
rpc error: code = Internal desc = unexpected HTTP status code received from server: 400 (Bad Request); malformed header: missing HTTP content-type
```

I tried adding `SetHeader` to the context with `content-type: application/grpc`, but this doesn't change anything, so I'm not sure it is really about the header (all the more so since it works with plain HTTP). So I wonder, perhaps someone can point out a mistake in my initialization of transport layer security?

```go
// this is used with plain HTTP
//opts := []grpc.DialOption{grpc.WithTransportCredentials(insecure.NewCredentials())}

// this for case of working via HTTPS
opts := []grpc.DialOption{grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{}))}
// also tried NewClientTLSFromCert(x509.SystemCertPool()) - the same

serverAddr := "our-public-address:443"
ctx := context.Background()
conn, err := grpc.Dial(serverAddr, opts...)
if err != nil {
    println("Dial error:", err.Error())
    return
}
cli := api.NewInternalServiceClient(conn)
req := &api.LoginRequest{Email: "admin", Password: "admin"}
resp, err := cli.Login(ctx, req) // error arises here
if err != nil {
    println("login failed", err.Error())
}
```

Thanks in advance for hints and suggestions!

Rodion Gorkovenko
  • Have you verified that your server config is valid (using something like [grpcurl](https://github.com/fullstorydev/grpcurl) or [bloom](https://github.com/bloomrpc/bloomrpc))? You may also find it helpful to add [`grpc.WithBlock()`](https://pkg.go.dev/google.golang.org/grpc#WithBlock) to the `Dial` (which I guess will show the issue is with establishing a connection rather than the `Login` call). Please confirm that `our-public-address` refers to the domain name for which the certificate is issued (and not an IP address). – Brits Sep 24 '22 at 00:21
  • Yep, it is a domain name and the certificate seems OK (as HTTPS web pages are also served over this connection and the browser shows no issue), but thanks for the hint about trying `grpcurl` - I supposed that since the web UI is working all right (using `application/grpc-web-text`) everything is fine, but `grpcurl` obviously freezes on connecting, showing nothing with the `-vv` option (while it works all right with localhost, using the `-plaintext` key)... I guess I need to discuss this with our devops, as there could be some subtle proxy issue or something like this... – Rodion Gorkovenko Sep 24 '22 at 04:51
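
A check that separates a TLS or HTTP/2 problem at the public endpoint from a routing problem behind it, added here as an example and not part of the original question or its comments: gRPC runs over HTTP/2, so the endpoint has to pass certificate verification and select `h2` in ALPN. `probeALPN` and `localEndpoint` are hypothetical names, and the two local test servers are constructed stand-ins for the real address.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// probeALPN completes a verified TLS handshake with addr, offering HTTP/2 and
// HTTP/1.1, and returns the protocol the endpoint selected. A nil roots pool
// means the system trust store, like the empty tls.Config in the question.
func probeALPN(addr string, roots *x509.CertPool) (string, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{
		RootCAs:    roots,
		NextProtos: []string{"h2", "http/1.1"},
	})
	if err != nil {
		return "", fmt.Errorf("tls handshake failed: %w", err) // certificate or name problem
	}
	defer conn.Close()
	return conn.ConnectionState().NegotiatedProtocol, nil
}

// localEndpoint starts a constructed local TLS server that stands in for the
// public endpoint, with or without HTTP/2, plus a pool trusting its test cert.
func localEndpoint(h2 bool) (*httptest.Server, *x509.CertPool) {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.EnableHTTP2 = h2
	srv.StartTLS()
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	return srv, pool
}

func main() {
	for _, h2 := range []bool{true, false} {
		srv, pool := localEndpoint(h2)
		proto, err := probeALPN(srv.Listener.Addr().String(), pool)
		srv.Close()
		// gRPC needs "h2"; anything else means the TLS terminator cannot carry it.
		fmt.Printf("HTTP/2 enabled=%v negotiated=%q usable for gRPC=%v err=%v\n",
			h2, proto, proto == "h2", err)
	}
}
```

Against a real deployment, `probeALPN("host:443", nil)` returning `h2` with no error means certificate verification and HTTP/2 negotiation both succeed with default client settings.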

0 Answers