How to enable TLS for gRPC
In the Microservices Tutorial there’s a guide on creating a gRPC server using Akka HTTP and Akka gRPC . That example, though, will only bind a server supporting plaintext HTTP.
Enabling TLS for gRPC doesn’t differ from enabling TLS for other application protocols served over HTTP. You will need to follow these 3 steps:
obtain a certificate
Httpinstance to use the
Follow the Akka HTTP documentation for details on each of those steps.
Note that since gRPC requires HTTP/2, when you enable TLS for gRPC you also need to support Application-Layer Protocol Negotiation (ALPN) to negotiate whether both client and server support HTTP/2. The JVM provides ALPN support starting from JDK 8u252. Make sure you run a JVM greater than that.
See also the documentation on using the
Consume gRPC services over TLS
When consuming a gRPC that’s served over an encrypted (non
plaintext) connection, you must setup the
GrpcClientSettings to enable TLS and, optionally, reconfigure the
ssl-provider if you want to fine tune what implementation to use. See the documentation for gRPC Client Configuration for all the details.
If you want to run both HTTP and HTTPS side by side you must create two
Http instances and bind each instance to a different port. Both instances should share a single