Enabling HTTPS for gRPC-gateway


Enabling HTTPS

The previous section added a certificate to the gRPC server to enable encrypted communication. Here we reuse that server certificate for the HTTP service so that the gateway also serves over TLS.

Test it

To see the HTTP protocol version in the browser, add an API that uses the GET method.

Add a HealthCheck method to the service in echo.proto

syntax = "proto3";

package api.v1;

import "google/protobuf/empty.proto";

option go_package = "api.v1;pb";

message EchoRequest {
  string message = 1;
}

message EchoResponse {
  string message = 1;
}

service EchoService {
  rpc HealthCheck(google.protobuf.Empty) returns (google.protobuf.Empty);

  rpc Echo(EchoRequest) returns (EchoResponse) {}
}

Add the GET route in gateway.yaml

type: google.api.Service
config_version: 3

# Please refer to google.api.Http in https://github.com/googleapis/googleapis/blob/master/google/api/http.proto for details.
http:
  rules:
    - selector: api.v1.EchoService.HealthCheck
      get: /api/v1/health
    - selector: api.v1.EchoService.Echo
      post: /api/v1/echo
      body: "*"

Modify the HTTP server to enable encrypted communication

package server

import (
    "context"
    "errors"
    "net/http"

    "github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
    "google.golang.org/grpc"

    pb "go-web/api/gen/v1"
    "go-web/configs"
    "go-web/pkg/secure"
)

const (
    HTTP_ADDR = ":8081"
    CA_CERT   = "certs/ca.cert.pem"
    // The gateway reuses the gRPC server's certificate and key from the previous section.
    HTTP_CERT = "certs/server.cert.pem"
    HTTP_KEY  = "certs/server.key.pem"
)

// NewHTTP starts the grpc-gateway HTTP server over TLS. GRPC_ADDR is the gRPC
// listen address declared alongside the gRPC server in this package (previous section).
func NewHTTP() (httpSvr *http.Server, err error) {
    mux := runtime.NewServeMux(runtime.WithErrorHandler(errorHandler))

    // The gateway dials the gRPC backend over TLS, verifying the backend's
    // certificate against our CA and the "localhost" server name.
    dialOption, err := secure.TLSDialOption(configs.Path(CA_CERT), "localhost")
    if err != nil {
        panic(err)
    }
    opts := []grpc.DialOption{dialOption}

    err = pb.RegisterEchoServiceHandlerFromEndpoint(context.Background(), mux, GRPC_ADDR, opts)
    if err != nil {
        panic(err)
    }

    httpSvr = &http.Server{Addr: HTTP_ADDR, Handler: mux}
    go func() {
        // ListenAndServeTLS serves HTTPS and enables HTTP/2 via ALPN by default.
        // Use a local variable here: writing to the named return value err
        // from this goroutine would race with the caller.
        serveErr := httpSvr.ListenAndServeTLS(configs.Path(HTTP_CERT), configs.Path(HTTP_KEY))
        if serveErr != nil && !errors.Is(serveErr, http.ErrServerClosed) {
            panic(serveErr)
        }
    }()
    return
}

// errorHandler delegates to the gateway's default handler, which maps gRPC status
// codes to HTTP status codes and writes the error as JSON.
func errorHandler(ctx context.Context, mux *runtime.ServeMux, marshaler runtime.Marshaler, writer http.ResponseWriter, request *http.Request, err error) {
    runtime.DefaultHTTPErrorHandler(ctx, mux, marshaler, writer, request, err)
}

Visit localhost:8081/api/v1/health. Because the CA certificate is self-signed, the browser warns that the connection is not secure.

Import the CA certificate into the browser's Trusted Root Certification Authorities store.

Now the browser reports a secure connection, and the protocol is HTTP/2.0: Go's net/http enables HTTP/2 automatically for a server started with ListenAndServeTLS, negotiated with the client over ALPN.
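The same trust check done programmatically, as an added example that is not part of the original post: a Go client that trusts only the gateway's certificate (the equivalent of importing the CA into the browser) and reports the negotiated HTTP version. NewHealthGateway is a hypothetical stand-in built on httptest rather than the grpc-gateway server itself, and CheckHealth is an assumed helper name.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// NewHealthGateway is a hypothetical stand-in for the grpc-gateway server: an httptest
// TLS server (self-signed cert generated by httptest) that answers GET /api/v1/health
// and offers HTTP/2 via ALPN, as http.Server.ListenAndServeTLS does.
func NewHealthGateway() *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/v1/health", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "{}")
	})
	srv := httptest.NewUnstartedServer(mux)
	srv.EnableHTTP2 = true
	srv.StartTLS()
	return srv
}

// CheckHealth calls url with a client that trusts only the given certificate (nil means
// the system roots, i.e. a browser without the imported CA) and returns the negotiated
// protocol, e.g. "HTTP/2.0".
func CheckHealth(url string, trusted *x509.Certificate) (string, error) {
	tlsCfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if trusted != nil {
		pool := x509.NewCertPool()
		pool.AddCert(trusted)
		tlsCfg.RootCAs = pool
	}
	tr := &http.Transport{TLSClientConfig: tlsCfg, ForceAttemptHTTP2: true}
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err != nil {
		return "", err // untrusted chain: "x509: certificate signed by unknown authority"
	}
	defer resp.Body.Close()
	return resp.Proto, nil
}

func main() {
	gw := NewHealthGateway()
	defer gw.Close()
	_, err := CheckHealth(gw.URL+"/api/v1/health", nil)
	proto, _ := CheckHealth(gw.URL+"/api/v1/health", gw.Certificate())
	fmt.Println("without CA:", err, "| with CA:", proto)
}
```

Against the real gateway, pass https://localhost:8081/api/v1/health and the parsed CA certificate from certs/ca.cert.pem as `trusted`; the server certificate then chains to that CA just as it does for the gateway's own dial to the gRPC backend.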