如何为gRPC TLS连接设置docker-compose容器？

I have a gRPC client and a server as two docker containers declared with docker-compose.

version: '3.3'
services:
  apiserver:
    image: golang:latest
    container_name: apiserver
    expose:
      - "3000"
    ports:
      - "3000:3000"
    command: go run cmd/apiserver/main.go

  userserver:
    image: golang:latest
    container_name: userserver
    expose:
      - "3001"
    ports:
      - "3001:3001"
    command: go run cmd/userserver/main.go

I omitted some things like volumes etc as I think they are not related to the issue.

When a client tries to dial server I get an error TLS handshake error from 172.22.0.1:34824: tls: oversized record received with length 21536

server (userserver):

lis, err := net.Listen("tcp", "userserver:3001")
if err != nil {
    logger.Critical(ctx, "failed to listen: %v", err)
}

grpcServer := grpc.NewServer()
userServer := userserver.New()
pb.RegisterDomainServer(grpcServer, userServer)
rpcErr := grpcServer.Serve(lis)

if rpcErr != nil {
    logger.Critical(ctx, "failed to serve: %v", rpcErr)
}

client (apiserver):

conn, err := grpc.Dial("userserver:3001", grpc.WithInsecure())
if err != nil {
    return err
}
defer conn.Close()

client := pb.NewDomainClient(conn)
_, err = client.Dispatch(ctx, &pb.Command{
    Name:    command,
    Payload: payload,
})

Info

the client is apiserver and the userserver is gRPC server, the reason why client is called apiserver is because it also works as http proxy. So the apiserver container tries to dial userserver container

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

dongyan1808 2018-02-14 08:44

关注

You are missing grpc.Creads(...)

We are use this code:

package main

import(
    "crypto/tls"
    "crypto/x509"
    "crypto/x509/pkix"
    "io/ioutil"

    "google.golang.org/grpc"
    "google.golang.org/grpc/credentials"
    "mysource.com/packages/grpcserver"
)

func main(){
    cert := "/path/to/cert.crt"
    key := "/path/to/cert.key"
    caCrt := "/path/to/my.ca"

    certificate, err := tls.LoadX509KeyPair(cert, key)
    if err != nil {
        return
    }   
    certPool := x509.NewCertPool()

    ca, err := ioutil.ReadFile(caCrt)
    if err != nil {
        return
    }

    if ok := certPool.AppendCertsFromPEM(ca); !ok {
        return
    }
    creds := credentials.NewTLS(&tls.Config{
        ClientAuth:   tls.RequireAndVerifyClientCert,
        Certificates: []tls.Certificate{certificate},
        ClientCAs:    certPool,
        MinVersion:   tls.VersionTLS12,
    })

    grpcServer := grpc.NewServer(grpc.Creds(creds))
    server := grpcserver.NewGrpcServer()
    grpcserver.RegisterGrpcServer(grpcServer, server)

    lis, err := net.Listen("tcp", "0.0.0.0:11311")      
    log.Fatal(grpcServer.Serve(lis))
}

本回答被题主选为最佳回答 , 对您是否有帮助呢?

报告相同问题？

关注问题

如何为gRPC TLS连接设置docker-compose容器？
2018-02-14 03:21

回答 1 已采纳 You are missing grpc.Creads(...) We are use this code: package main import( "crypto/tls"
如何在Golang中使用gRPC减小docker映像的大小？ docker
2019-02-18 08:21

回答 2 已采纳 try to make a multistage docker image like this # Compile stage FROM golang:1.11 as build-env R
如何调试gRPC-Go服务？
2016-11-25 15:44

回答 1 已采纳 Not sure if you've found a solution yet...but depending on how many services you have in your Appl
docker-compose搭建etcd cluster + etcd keeper +etcd grpc-proxy
2023-03-14 19:21

Niklauson的博客 https://www.cnblogs.com/flippedxyy/p/15558777.html
使用gRPC Docker容器构建Go时出错 docker
2017-09-25 18:52

回答 2 已采纳 You either need to add go get to your docker file, or you need to vendor the third party libraries
无法连接到在本地Docker容器中运行的Go GRPC服务器 docker
2017-05-11 09:40

回答 1 已采纳 When you specify a hostname or IP address to listen on (in this case localhost which resolves to
GRPC Golang服务器和NodeJS客户端。 TLS连接失败 node.js
2019-02-27 02:15

回答 1 已采纳 So the issue was that the certificate couldn't hold IP address as the hostname. It should have a n
docker-compose部署prometheus+grafana
2023-03-17 11:07

阿方很慌的博客 docker-compoes部署Prometheus
使用gRPC在容器之间进行通信 docker
2017-06-20 01:11

回答 1 已采纳 You need to include the hostname in the dial function, otherwise it's looking at localhost which i
如何正确设置gRPC客户端-服务器
2018-02-08 07:11

回答 2 已采纳 Is the server listening to that port? // Most linux lsof -i :3001 // OSX lsof -iTCP -sTCP:LISTE
gRPC客户端流式流控制如何进行？
2019-08-06 11:46

回答 1 已采纳 gRPC flow control is based on http2 flow control: https://http2.github.io/http2-spec/#FlowControl
Docker-compose快速搭建 Prometheus+Grafana监控系统
2022-12-09 17:07

至尊宝l的博客 Docker-compose快速搭建 Prometheus+Grafana监控系统
gRPC是否可以提供零服务器消息？
2019-05-13 20:58

回答 2 已采纳 Investigating further with a contrived server example: func (s *mygRPC) GetStatus(context.Context
6.启动配置网络节点 docker-compose启动文件
2023-07-04 16:49

youth_ymh的博客 hyperledger fabric 网络搭建部署; 1.hyperledger-fabric 介绍和资料整理 2.服务环境准备 3.安装fabric 二进制源码程序 ...6.启动配置网络节点 docker-compose启动文件 7.将组织加入通道 8.安装合约
Dify中的docker-compose.yaml分析-api
2024-07-08 08:35

NLP工程化的博客在docker-compose.yaml文件中，services包括api、worker、web、db、redis、weaviate、sandbox、ssrf_proxy和nginx。
没有解决我的问题, 去提问

悬赏问题

¥15 metadata提取的PDF元数据，如何转换为一个Excel
¥15 关于arduino编程toCharArray()函数的使用
¥100 vc++混合CEF采用CLR方式编译报错
¥15 coze 的插件输入飞书多维表格 app_token 后一直显示错误，如何解决？
¥15 vite+vue3+plyr播放本地public文件夹下视频无法加载
¥15 c#逐行读取txt文本，但是每一行里面数据之间空格数量不同
¥50 如何openEuler 22.03上安装配置drbd
¥20 ING91680C BLE5.3 芯片怎么实现串口收发数据
¥15 无线连接树莓派，无法执行update，如何解决？（相关搜索：软件下载）
¥15 Windows11, backspace, enter, space键失灵

码龄粉丝数原力等级 --

如何为gRPC TLS连接设置docker-compose容器？

Info

1条回答默认最新

码龄粉丝数原力等级 --

悬赏问题

如何为gRPC TLS连接设置docker-compose容器？

Info

1条回答 默认 最新

悬赏问题

1条回答默认最新