我有一个 gRPC 客户端和一个服务器作为两个用 docker-compose 声明的 docker 容器。
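# Compose file for the two containers: apiserver (HTTP proxy and gRPC client)
# and userserver (gRPC server). Nesting restored; keys and values are unchanged.
version: '3.3'
services:
  apiserver:
    # NOTE(review): "latest" is a mutable tag, so the toolchain can change between
    # pulls. Pinning a specific version (or digest) keeps builds reproducible.
    image: golang:latest
    container_name: apiserver
    expose:
      - "3000"
    # "ports" publishes the container port on the Docker host as well.
    ports:
      - "3000:3000"
    command: go run cmd/apiserver/main.go
  userserver:
    image: golang:latest
    container_name: userserver
    expose:
      - "3001"
    # NOTE(review): this makes the gRPC port reachable from the host too. If only
    # apiserver calls userserver over the compose network, the host mapping may be
    # unnecessary. Confirm before removing it.
    ports:
      - "3001:3001"
    command: go run cmd/userserver/main.go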
我省略了一些内容,比如 volumes(卷)等,因为我认为它们与问题无关。
当客户端尝试调用服务器时,我收到错误 TLS handshake error from 172.22.0.1:34824: tls: oversized record received with length 21536
服务器(用户服务器):
// Server-side excerpt (userserver): open a TCP listener and serve the Domain
// gRPC service on it. The enclosing function is not part of this excerpt.
lis, err := net.Listen("tcp", "userserver:3001")
if err != nil {
// NOTE(review): whether logger.Critical stops the program is not visible here.
// If it returns, lis is nil when Serve is called below. Confirm.
logger.Critical(ctx, "failed to listen: %v", err)
}
// No grpc.Creds(...) option is passed, so this server speaks plaintext HTTP/2:
// traffic is neither encrypted nor authenticated, and a peer that starts a TLS
// handshake against this port will not get a TLS response.
grpcServer := grpc.NewServer()
userServer := userserver.New()
pb.RegisterDomainServer(grpcServer, userServer)
// Serve blocks while accepting connections; it only returns with an error.
rpcErr := grpcServer.Serve(lis)
if rpcErr != nil {
logger.Critical(ctx, "failed to serve: %v", rpcErr)
}
客户端(apiserver):
// Client-side excerpt (apiserver): dial userserver and issue one Dispatch RPC.
// grpc.WithInsecure() disables transport security for this connection: nothing
// is encrypted and the server's identity is not verified. It only interoperates
// with a server created without grpc.Creds(...). Against a TLS-enabled server,
// dial with grpc.WithTransportCredentials(credentials.NewTLS(...)) instead.
// Newer grpc-go releases deprecate WithInsecure in favour of
// grpc.WithTransportCredentials(insecure.NewCredentials()).
conn, err := grpc.Dial("userserver:3001", grpc.WithInsecure())
if err != nil {
return err
}
// Release the connection when the enclosing function returns.
defer conn.Close()
client := pb.NewDomainClient(conn)
// The RPC error is stored in err; its handling lies outside this excerpt.
_, err = client.Dispatch(ctx, &pb.Command{
Name: command,
Payload: payload,
})
信息
客户端是 apiserver,userserver 是 gRPC 服务器。客户端之所以叫 apiserver,是因为它同时也是 HTTP 代理。所以是 apiserver 容器尝试调用 userserver 容器。
最佳答案
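你缺少 grpc.Creds(...)。“oversized record”这类错误通常表示连接的一端在进行 TLS 握手,而另一端发送的是明文,因此服务器和客户端的传输安全设置必须一致:服务器用 grpc.Creds(...) 启用 TLS 时,客户端要用 grpc.WithTransportCredentials(...),而不是 grpc.WithInsecure()。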
我们正在使用这段代码:
package main
import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix" // NOTE(review): not referenced in this listing; Go rejects unused imports, so drop it or blank-import it unless other code needs it.
	"io/ioutil"
	"log"
	"net"

	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials"
	"mysource.com/packages/grpcserver"
)
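// main starts a gRPC server that requires mutual TLS. It loads the server's
// certificate and key, builds a pool of CAs trusted to sign client
// certificates, and serves on TCP port 11311. Any setup failure is logged and
// ends the process with a non-zero status instead of returning silently.
func main() {
	// Placeholder paths. The private key file should be readable only by the
	// account the server runs as.
	cert := "/path/to/cert.crt"
	key := "/path/to/cert.key"
	caCrt := "/path/to/my.ca"

	certificate, err := tls.LoadX509KeyPair(cert, key)
	if err != nil {
		log.Fatalf("loading server key pair: %v", err)
	}

	ca, err := ioutil.ReadFile(caCrt)
	if err != nil {
		log.Fatalf("reading client CA bundle %q: %v", caCrt, err)
	}
	certPool := x509.NewCertPool()
	if ok := certPool.AppendCertsFromPEM(ca); !ok {
		log.Fatalf("no PEM certificates found in %q", caCrt)
	}

	creds := credentials.NewTLS(&tls.Config{
		// Every client must present a certificate that chains to ClientCAs;
		// connections without one are rejected during the handshake.
		ClientAuth:   tls.RequireAndVerifyClientCert,
		Certificates: []tls.Certificate{certificate},
		ClientCAs:    certPool,
		// Refuse protocol versions older than TLS 1.2.
		MinVersion: tls.VersionTLS12,
	})

	// grpc.Creds makes the server expect TLS on every connection, so clients
	// must dial with matching transport credentials rather than plaintext.
	grpcServer := grpc.NewServer(grpc.Creds(creds))
	server := grpcserver.NewGrpcServer()
	grpcserver.RegisterGrpcServer(grpcServer, server)

	// 0.0.0.0 binds every interface in the container. The listen error is
	// checked so Serve is never handed a nil listener.
	lis, err := net.Listen("tcp", "0.0.0.0:11311")
	if err != nil {
		log.Fatalf("listening on 0.0.0.0:11311: %v", err)
	}
	log.Fatal(grpcServer.Serve(lis))
}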
关于go - 如何为 gRPC TLS 连接设置 docker-compose 容器?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48779121/