Hi,
I'm trying to run a netty server with GRPC API on ECS (on Fargate) behind an application load balancer for an Android GRPC client to connect to. Calls are forwarded but the server logs show an error like
io.grpc.netty.shaded.io.netty.handler.codec.http2.Http2Exception: HTTP/2 client preface string missing or corrupt. Hex dump for received bytes: 1603010102010000fe03036a5663244616ee784100b9d61c
I've read that such an error might be related to the client and server not both using SSL, which arguably is true in my case.
The server itself is not configured to use SSL (I wouldn't know which certificate to deploy it with). The ALB is equipped with an ACM public certificate though and should do SSL offloading I would expect. However, the fact that I cannot configure the load balancing target group with another protocol than HTTPS when protocol version is GRPC indicates otherwise.
Can anyone clarify this to me or have a working example?
Any help would be much appreciated
This is the relevant ALB config of my cfn template:
ApplicationLoadBalancer:
Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
Properties:
Name: my-alb
Scheme: "internet-facing"
Type: "application"
Subnets:
- !Ref public-sn-1
- !Ref public-sn-2
SecurityGroups:
- !Ref ALBSecurityGroup
IpAddressType: "ipv4"
HubListener:
Type: "AWS::ElasticLoadBalancingV2::Listener"
Properties:
LoadBalancerArn: !Ref ApplicationLoadBalancer
Port: 50051
Protocol: HTTPS
SslPolicy: "ELBSecurityPolicy-2016-08"
Certificates:
- CertificateArn: !Ref AlbCertificateArn
DefaultActions:
- Order: 1
TargetGroupArn: !Ref HubTargetGroup
Type: "forward"
HubTargetGroup:
Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
Properties:
Port: 50051
Protocol: HTTPS
ProtocolVersion: GRPC
HealthCheckEnabled: true
HealthCheckPath: "/grpc.health.v1.Health/Check"
HealthCheckPort: "traffic-port"
HealthCheckProtocol: HTTP
TargetType: ip
Matcher:
GrpcCode: 0
VpcId: !Ref VpcId
Thank you, I was somehow stuck thinking it needed to be HTTPS end-to-end due to a different error message I received concerning ALB listener configuration earlier...