启用HTTPS
上一节为 gRPC 添加证书以开启加密通信,这里复用服务器证书添加到 HTTP 服务中,开启加密通信。
测试一下
为了在 browser 上看到 HTTP 协议版本,增加一个 GET 方法的 API
在 echo.proto 新增服务 HealthCheck
syntax = "proto3";

package api.v1;

import "google/protobuf/empty.proto";

option go_package = "api.v1;pb";

// Request message for Echo: a single string payload.
message EchoRequest {
  string message = 1;
}

// Response message for Echo: a single string payload.
message EchoResponse {
  string message = 1;
}

// EchoService is the gRPC service that the HTTP gateway exposes over TLS.
service EchoService {
  // HealthCheck takes and returns Empty. gateway.yaml maps it to
  // GET /api/v1/health so it can be opened directly in a browser.
  rpc HealthCheck(google.protobuf.Empty) returns (google.protobuf.Empty);
  // Echo is mapped by gateway.yaml to POST /api/v1/echo with the whole
  // request body decoded into EchoRequest.
  rpc Echo(EchoRequest) returns (EchoResponse) {}
}
在 gateway.yaml 中新增 GET 请求
type: google.api.Service
config_version: 3
# Please refer google.api.Http in https://github.com/googleapis/googleapis/blob/master/google/api/http.proto file for details.
http:
  rules:
    # HealthCheck is exposed as a GET so the TLS listener and the negotiated
    # protocol version can be checked from a browser.
    - selector: api.v1.EchoService.HealthCheck
      get: /api/v1/health
    # body: "*" binds the entire JSON request body to EchoRequest.
    - selector: api.v1.EchoService.Echo
      post: /api/v1/echo
      body: "*"
修改 HTTP 服务开启加密通信
package server
import (
	"context"
	"crypto/tls"
	"errors"
	"fmt"
	"net/http"
	"time"

	"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
	"google.golang.org/grpc"

	pb "go-web/api/gen/v1"
	"go-web/configs"
	"go-web/pkg/secure"
)
// Listen address and PEM locations for the HTTPS gateway. The paths are
// relative and are resolved through configs.Path where they are used.
// HTTP_CERT/HTTP_KEY reuse the pair the gRPC server already serves with.
// GRPC_ADDR, the backend the gateway dials, is declared elsewhere in this
// package.
const (
	// HTTP_ADDR is the address the HTTPS gateway listens on.
	HTTP_ADDR = ":8081"
	// CA_CERT is the CA used to verify the gRPC backend when the gateway dials it.
	CA_CERT = "certs/ca.cert.pem"
	// HTTP_CERT is the certificate presented to HTTP clients.
	HTTP_CERT = "certs/server.cert.pem"
	// HTTP_KEY is the private key matching HTTP_CERT.
	HTTP_KEY = "certs/server.key.pem"
)
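// NewHTTP starts the HTTPS front end of the gRPC gateway and returns the
// running server so the caller can shut it down later.
//
// It dials the gRPC backend at GRPC_ADDR over TLS (verified against CA_CERT,
// expecting the backend to present a certificate for "localhost"), registers
// the generated REST mapping on a gateway mux, and serves that mux on
// HTTP_ADDR using HTTP_CERT/HTTP_KEY. Serving happens in a separate
// goroutine; setup failures are returned as wrapped errors instead of
// panicking, while a listener failure other than a clean close still panics
// in the serving goroutine, as before.
func NewHTTP() (httpSvr *http.Server, err error) {
	mux := runtime.NewServeMux(runtime.WithErrorHandler(errorHandler))

	dialOption, err := secure.TLSDialOption(configs.Path(CA_CERT), "localhost")
	if err != nil {
		return nil, fmt.Errorf("loading CA %q for gateway dial: %w", CA_CERT, err)
	}
	opts := []grpc.DialOption{dialOption}
	if err = pb.RegisterEchoServiceHandlerFromEndpoint(context.Background(), mux, GRPC_ADDR, opts); err != nil {
		return nil, fmt.Errorf("registering gateway handler for backend %q: %w", GRPC_ADDR, err)
	}

	httpSvr = &http.Server{
		Addr:    HTTP_ADDR,
		Handler: mux,
		// Bound how long a client may take to send its request headers so a
		// slow or idle connection cannot hold a handler indefinitely.
		ReadHeaderTimeout: 10 * time.Second,
		// Pin the protocol floor explicitly rather than relying on the
		// toolchain default. ListenAndServeTLS still installs the cert/key
		// pair and the h2 ALPN entry on top of this config.
		TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12},
	}
	go func() {
		// Keep the serve error goroutine-local: the named result err is
		// handed back to the caller by the return below and must not be
		// written concurrently from here.
		serveErr := httpSvr.ListenAndServeTLS(configs.Path(HTTP_CERT), configs.Path(HTTP_KEY))
		if serveErr != nil && !errors.Is(serveErr, http.ErrServerClosed) {
			panic(serveErr)
		}
	}()
	return httpSvr, nil
}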
// errorHandler is the error hook installed on the gateway mux. It currently
// forwards every argument unchanged to runtime.DefaultHTTPErrorHandler; it
// exists as a named function so the gateway's error output can be adjusted
// in one place later.
func errorHandler(ctx context.Context, mux *runtime.ServeMux, marshaler runtime.Marshaler, writer http.ResponseWriter, request *http.Request, err error) {
	delegate := runtime.DefaultHTTPErrorHandler
	delegate(ctx, mux, marshaler, writer, request, err)
}
通过 https://localhost:8081/api/v1/health 访问时,因为 CA 证书是自签的,所以浏览器提示非安全连接。
将CA证书在 browser 中导入到 受信任的根证书颁发机构
现在 browser 访问即为安全连接,连接协议也为 HTTP/2.0