TLS for gRPC service #3336

Closed
sunng87 opened this issue Feb 20, 2024 · 1 comment · Fixed by #3957
Labels
C-enhancement Category Enhancements good first issue Good for newcomers

@sunng87
Member

sunng87 commented Feb 20, 2024

What type of enhancement is this?

Configuration

What does the enhancement do?

Add TLS support for our gRPC services (default port: 4001)

Implementation challenges

No response

@tisonkun
Collaborator

FWIW, you may add `.tls_config` at L172:

```rust
let builder = tonic::transport::Server::builder()
    .add_routes(routes)
    .add_service(self.create_healthcheck_service())
    .add_service(self.create_reflection_service());
```

where the `ServerTlsConfig` is constructed like:

```rust
pub fn with_tls_config(config: ChannelConfig) -> Result<Self> {
    let mut cm = Self::with_config(config.clone());
    // setup tls
    let path_config = config.client_tls.context(InvalidTlsConfigSnafu {
        msg: "no config input",
    })?;
    let server_root_ca_cert = std::fs::read_to_string(path_config.server_ca_cert_path)
        .context(InvalidConfigFilePathSnafu)?;
    let server_root_ca_cert = Certificate::from_pem(server_root_ca_cert);
    let client_cert = std::fs::read_to_string(path_config.client_cert_path)
        .context(InvalidConfigFilePathSnafu)?;
    let client_key = std::fs::read_to_string(path_config.client_key_path)
        .context(InvalidConfigFilePathSnafu)?;
    let client_identity = Identity::from_pem(client_cert, client_key);
    cm.client_tls_config = Some(
        ClientTlsConfig::new()
            .ca_certificate(server_root_ca_cert)
            .identity(client_identity),
    );
    Ok(cm)
}
```

But I'm unfamiliar with TLS and don't know how to test it. So I'm just sharing my finding, which can be a starting point.
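As an added illustration (not code from this thread or from the project): a TLS-enabled gRPC listener loads a certificate chain and a private key from configured PEM files, so a preflight check on their contents can reject swapped or truncated files before the server starts. All names here (`PemError`, `pem_labels`, `preflight`) are hypothetical, and the check inspects PEM block labels only; it does not verify that the key matches the certificate.

```rust
// Added example; all names are hypothetical, not GreptimeDB or tonic API.
#[derive(Debug, PartialEq)]
pub enum PemError {
    Unbalanced(String), // BEGIN/END mismatch for this label
    NoCertificate,      // cert file holds no CERTIFICATE block
    KeyInCertFile,      // private key found in the certificate file
    NoPrivateKey,       // key file holds no "... PRIVATE KEY" block
}

// Label of a "-----<kind> LABEL-----" boundary line, if `line` is one.
fn boundary<'a>(line: &'a str, kind: &str) -> Option<&'a str> {
    line.strip_prefix("-----")?.strip_prefix(kind)?.strip_prefix(' ')?.strip_suffix("-----")
}
/// Labels of all well-formed PEM blocks in `text`, in order.
pub fn pem_labels(text: &str) -> Result<Vec<String>, PemError> {
    let (mut labels, mut open) = (Vec::new(), None::<String>);
    for line in text.lines().map(str::trim) {
        if let Some(l) = boundary(line, "BEGIN") {
            if let Some(prev) = open.replace(l.to_string()) {
                return Err(PemError::Unbalanced(prev));
            }
        } else if let Some(l) = boundary(line, "END") {
            match open.take() {
                Some(o) if o == l => labels.push(o),
                other => return Err(PemError::Unbalanced(other.unwrap_or(l.to_string()))),
            }
        }
    }
    open.map_or(Ok(labels), |o| Err(PemError::Unbalanced(o)))
}

/// Check a server cert/key pair before building the TLS config; returns chain length.
pub fn preflight(cert_pem: &str, key_pem: &str) -> Result<usize, PemError> {
    let has_key = |ls: &[String]| ls.iter().any(|l| l.ends_with("PRIVATE KEY"));
    let cert_labels = pem_labels(cert_pem)?;
    let chain = cert_labels.iter().filter(|l| l.as_str() == "CERTIFICATE").count();
    match (has_key(&cert_labels), chain, has_key(&pem_labels(key_pem)?)) {
        (true, _, _) => Err(PemError::KeyInCertFile),
        (_, 0, _) => Err(PemError::NoCertificate),
        (_, _, false) => Err(PemError::NoPrivateKey),
        _ => Ok(chain),
    }
}

// Constructed sample input: placeholder bodies, not real key material.
const CERT: &str = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n";
const KEY: &str = "-----BEGIN PRIVATE KEY-----\nBBBB\n-----END PRIVATE KEY-----\n";
fn main() {
    println!("{:?} / swapped: {:?}", preflight(CERT, KEY), preflight(KEY, CERT));
}
```

Running a check like this at startup and refusing to bind the port on any error keeps a misconfigured deployment from silently serving without the intended certificate.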
