基于 HostSNI 使用 Traefik 连接到 gRPC 服务。

huangapple go评论67阅读模式
英文:

Connect to service in Traefik based on HostSNI with gRPC

问题

public class GrpcClient {
    public GrpcClient(String host, int port) {
        this(ManagedChannelBuilder.forAddress(host, port).usePlaintext());
    }

    public GrpcClient(ManagedChannelBuilder<?> channelBuilder) {
        channel = channelBuilder.build();
        blockingStub = ServiceGrpc.newBlockingStub(channel);
        asyncStub = ServiceGrpc.newStub(channel);
    }
    public void shutdown() throws InterruptedException {
        channel.shutdown().awaitTermination(5, TimeUnit.SECONDS);
    }
}
英文:

I want to have 1 entrypoint in Traefik, and then two different routers that routes based on HostSNI. I don't really know how I can access these different services based on the HostSNI

My entrypoint is :5160.

Two different routers that goes to two different services.
One has the rule HostSNI(&#39;service-1.local&#39;), the other one has the rule HostSNI(&#39;service-2.local&#39;).

How can I with gRPC in Java connect to these services?

My client so far:

public class GrpcClient {
     public GrpcClient(String host, int port) {
        this(ManagedChannelBuilder.forAddress(host, port).usePlaintext());
    }

    public GrpcClient(ManagedChannelBuilder&lt;?&gt; channelBuilder) {
        channel = channelBuilder.build();
        blockingStub = ServiceGPRC.newBlockingStub(channel);
        asyncStub = ServiceGRPC.newStub(channel);
    }
    public void shutdown() throws InterruptedException {
        channel.shutdown().awaitTermination(5, TimeUnit.SECONDS);
    }
}

</details>


# 答案1
**得分**: 1

SNI 是 TLS 扩展因此需要使用 TLS另请参阅 https://docs.traefik.io/routing/routers/#rule_1。

在您的 GrpcClient 中您不能使用明文而必须使用 TLS 通道请参阅示例 https://github.com/grpc/grpc-java/tree/master/examples/example-tls。SNI 是从授权中设置的,您可以使用 ManagedChannelBuilder#overrideAuthority 进行覆盖。

<details>
<summary>英文:</summary>

SNI is a TLS extension so requires use of TLS. Also see https://docs.traefik.io/routing/routers/#rule_1 .

In your GrpcClient you then cannot use plaintext but have to use a TLS channel. See the example https://github.com/grpc/grpc-java/tree/master/examples/example-tls. The SNI is set up from the authority which you can override with ManagedChannelBuilder#overrideAuthority.

</details>



huangapple
  • 本文由 发表于 2020年4月9日 17:11:05
  • 转载请务必保留本文链接:https://go.coder-hub.com/61117674.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定