Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for forward proxy/MitM proxy for gRPC-Web mode #243

Open
ofirc opened this issue Dec 19, 2024 · 1 comment
Open

Add support for forward proxy/MitM proxy for gRPC-Web mode #243

ofirc opened this issue Dec 19, 2024 · 1 comment

Comments

@ofirc
Copy link

ofirc commented Dec 19, 2024
edited
Loading

Hi,
Does the gRPC-Web mode honour the https_proxy env vars for TLS targets?
The question is for both forward proxy and man-in-the-middle proxies listening on HTTP ports (not HTTPS).
Not sure if it's tested / supported.
Saw this related PR:
#163

Thanks!
Ofir
@ofirc
Copy link
Author

ofirc commented Dec 19, 2024

That's the code I used but the traffic doesn't get routed to the proxy and I don't see any logs on the proxy end.
Wondering if the client.ConnectWithProxy and other functions need to be modified to support a proxy server.

package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"log"
	"os"
	"time"

	"github.com/ofirc/grpc-http1/hello"
	"golang.stackrox.io/grpc-http1/client"
)

func main() {
	//grpclog.SetLoggerV2(grpclog.NewLoggerV2WithVerbosity(os.Stdout, os.Stderr, os.Stderr, 99))

	// Load the server certificate
	certFile := "cert.pem"
	certPool := x509.NewCertPool()
	cert, err := ioutil.ReadFile(certFile)
	if err != nil {
		log.Fatalf("Failed to read certificate: %v", err)
	}
	if !certPool.AppendCertsFromPEM(cert) {
		log.Fatalf("Failed to append server certificate")
	}

	// Create TLS configuration for the client
	tlsClientConfig := &tls.Config{
		RootCAs:            certPool,
		ServerName:         "localhost",          // Match the server's certificate
		InsecureSkipVerify: false,                // Ensure proper server validation
		NextProtos:         []string{"http/1.1"}, // Explicitly set ALPN to "http/1.1"
	}

	// Connect to the server with grpc-http1 over HTTP/1.1
	conn, err := client.ConnectViaProxy(context.Background(), "localhost:8443", tlsClientConfig)
	if err != nil {
		log.Fatalf("Failed to connect: %v", err)
	}
	defer conn.Close()

	fmt.Println(os.Getenv("http_proxy"))
	fmt.Println(os.Getenv("HTTP_PROXY"))
	fmt.Println(os.Getenv("https_proxy"))
	fmt.Println(os.Getenv("HTTPS_PROXY"))

	// Create a HelloService client
	client := hello.NewHelloServiceClient(conn)

	// Call the SayHello RPC
	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
	defer cancel()

	req := &hello.HelloRequest{Name: "World"}
	resp, err := client.SayHello(ctx, req)
	if err != nil {
		log.Fatalf("Failed to call SayHello: %v", err)
	}
	log.Println("Response:", resp.Message)
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ofirc