GRPC API through AWS ALB


Hi, I'm trying to run a netty server with GRPC API on ECS (on Fargate) behind an application load balancer for an Android GRPC client to connect to. Calls are forwarded but the server logs show an error like

io.grpc.netty.shaded.io.netty.handler.codec.http2.Http2Exception: HTTP/2 client preface string missing or corrupt. Hex dump for received bytes: 1603010102010000fe03036a5663244616ee784100b9d61c

I've read that such an error might be related to the client and server not both using SSL, which arguably is true in my case.

The server itself is not configured to use SSL (I wouldn't know which certificate to deploy it with). The ALB is equipped with an ACM public certificate though and should do SSL offloading I would expect. However, the fact that I cannot configure the load balancing target group with another protocol than HTTPS when protocol version is GRPC indicates otherwise.

Can anyone clarify this to me or have a working example? Any help would be much appreciated.

This is the relevant ALB config of my cfn template:

  ApplicationLoadBalancer:
    Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
    Properties:
      Name: my-alb
      Scheme: "internet-facing"
      Type: "application"
      Subnets:
        - !Ref public-sn-1
        - !Ref public-sn-2
      SecurityGroups:
        - !Ref ALBSecurityGroup
      IpAddressType: "ipv4"

  HubListener:
    Type: "AWS::ElasticLoadBalancingV2::Listener"
    Properties:
      LoadBalancerArn: !Ref ApplicationLoadBalancer
      Port: 50051
      Protocol: HTTPS
      SslPolicy: "ELBSecurityPolicy-2016-08"
      Certificates:
        - CertificateArn: !Ref AlbCertificateArn
      DefaultActions:
        - Order: 1
          TargetGroupArn: !Ref HubTargetGroup
          Type: "forward"

  HubTargetGroup:
    Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
    Properties:
      Port: 50051
      Protocol: HTTPS
      ProtocolVersion: GRPC
      HealthCheckEnabled: true
      HealthCheckPath: "/grpc.health.v1.Health/Check"
      HealthCheckPort: "traffic-port"
      HealthCheckProtocol: HTTP
      TargetType: ip
      Matcher:
        GrpcCode: 0
      VpcId: !Ref VpcId
1 Answer

Accepted Answer

You're configuring your target group as HTTPS, so this is probably why you're receiving this error. You can configure your target group to be HTTP and this should allow you to connect successfully:

  HubTargetGroup:
    Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
    Properties:
      Port: 50051
      Protocol: HTTP #Changed from HTTPS
      ProtocolVersion: GRPC
      HealthCheckEnabled: true
      HealthCheckPath: "/grpc.health.v1.Health/Check"
      HealthCheckPort: "traffic-port"
      HealthCheckProtocol: HTTP
      TargetType: ip
      Matcher:
        GrpcCode: 0
      VpcId: !Ref VpcId

For reference, this blog post is doing pretty much the setup you describe but through the console: https://aws.amazon.com/blogs/aws/new-application-load-balancer-support-for-end-to-end-http-2-and-grpc/

AWS
MB
answered 2 years ago
  • Thank you, I was somehow stuck thinking it needed to be HTTPS end-to-end due to a different error message I received concerning ALB listener configuration earlier...
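
Added example (not part of the original question or answer): a small Python classifier for the bytes netty prints after "Hex dump for received bytes", run on the dump from the question. It shows the plaintext gRPC server received a TLS ClientHello from its peer (the ALB, whose target group protocol was HTTPS) where it expected the cleartext HTTP/2 preface; the function and constant names are illustrative.

```python
import struct

H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"  # HTTP/2 client connection preface
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello"}


def classify_first_bytes(hex_dump: str) -> dict:
    """Classify the first bytes a server received on a new connection."""
    data = bytes.fromhex(hex_dump.strip())
    # A cleartext (h2c) client starts with the preface; the dump may be truncated.
    n = min(len(data), len(H2_PREFACE))
    if n and data[:n] == H2_PREFACE[:n]:
        return {"kind": "http2-cleartext"}
    # TLS record header: content type (1 byte), version (2), length (2).
    if len(data) >= 5 and data[0] in TLS_CONTENT_TYPES and data[1] == 0x03:
        ctype, rec_ver, rec_len = struct.unpack("!BHH", data[:5])
        info = {"kind": "tls",
                "record_type": TLS_CONTENT_TYPES[ctype],
                "record_version": TLS_VERSIONS.get(rec_ver, hex(rec_ver)),
                "record_length": rec_len}
        # Handshake header: type (1), length (3), then the hello's legacy
        # version field (2). TLS 1.3 clients also send 0x0303 here.
        if ctype == 22 and len(data) >= 11:
            info["handshake"] = HANDSHAKE_TYPES.get(data[5], f"type {data[5]}")
            info["handshake_length"] = int.from_bytes(data[6:9], "big")
            hello_ver = int.from_bytes(data[9:11], "big")
            info["hello_version"] = TLS_VERSIONS.get(hello_ver, hex(hello_ver))
        return info
    # HTTP/1.x request line, e.g. a proxy or checker not speaking HTTP/2.
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"OPTIONS"):
        return {"kind": "http1"}
    return {"kind": "unknown"}


# Hex dump copied from the error message in the question.
QUESTION_DUMP = "1603010102010000fe03036a5663244616ee784100b9d61c"

if __name__ == "__main__":
    print(classify_first_bytes(QUESTION_DUMP))
```

A result of `tls` / `ClientHello` on a server started without TLS means the sender is encrypting toward a plaintext port, which matches the HTTPS target group in the question.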
