Merge pull request #1 from sunsided/feature/tls

TLS
sunsided · Nov 3, 2023 · cbd2640 · cbd2640
2 parents c971862 + 4acf4cc
commit cbd2640
Show file tree

Hide file tree

Showing 10 changed files with 413 additions and 12 deletions.
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
@@ -0,0 +1,51 @@
+name: Rust
+
+on:
+  push:
+    branches:
+      - main
+      - feature/*
+  pull_request:
+    branches:
+      - main
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  checks:
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest
+          - windows-latest
+
+        toolchain:
+          - 1.73.0
+          - stable
+          - nightly
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: ${{ matrix.toolchain }}
+          profile: minimal
+          override: true
+          components: rustfmt, clippy
+      - name: Install Protoc
+        uses: arduino/setup-protoc@v1
+      - uses: Swatinem/rust-cache@v2
+        with:
+          key: ${{ runner.os }}-${{ hashFiles('Cargo.lock') }}-${{ matrix.toolchain }}
+      - name: Build
+        run: cargo build
+      - name: Run tests
+        run: cargo test
+      - name: clippy
+        run: cargo clippy -- --deny "warnings"
+      - name: fmt
+        run: cargo fmt -- --check
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -9,16 +9,20 @@ axum = { version = "0.6.20", features = ["http2"] }
 ctrlc = "3.4.1"
 dotenvy = "0.15.7"
 exitcode = "1.1.2"
-futures-util = "0.3.29"
 hyper = { version = "0.14.27", features = ["http1", "http2"] }
 log = "0.4.20"
 pin-project = "1.1.3"
 prost = "0.12.1"
+rustls = "0.21.8"
 tokio = { version = "1.33.0", features = ["rt-multi-thread", "macros"] }
 tonic = "0.10.2"
 tonic-reflection = "0.10.2"
 tracing = "0.1.40"
 tracing-subscriber = { version = "0.3.17", features = ["env-filter", "json"] }
+rustls-pemfile = "1.0.3"
+tokio-rustls = "0.24.1"
+tls-listener = { version = "0.8.0", features = ["rustls", "hyper-h1", "hyper-h2"] }
+futures-util = "0.3.29"
 
 [build-dependencies]
 tonic-build = "0.10.2"
diff --git a/README.md b/README.md
@@ -1,17 +1,72 @@
-# gRPC and HTTP/1.1 co-hosting
+# Tonic gRPC and Axum HTTP/1.1+2 co-hosting in Rust
 
 An attempt at hosting HTTP/1.1, HTTP/2 and gRPC on the same port(s).
 
+Multiple Hyper servers are spawned on different endpoints to showcase the use of binding to different IP addresses
+and ports while reusing the same server components. A Hyper service is used to switch the incoming traffic based on the
+`content-type` header and if `application/grpc` is detected, traffic is forwarded to the Tonic server; all other
+cases forward to Axum. This allows for transparent use of HTTP/1.1 and HTTP/2 (prior knowledge), as well
+as ALPN on the TLS-enabled ports.
+
+This project uses:
+
+- [Hyper] as the server for HTTP/1 and HTTP/2 support.
+  - [tls-listener] with [tokio-rustls] is used to provide TLS with `h2` and `http/1.1` ALPN support.
+- [Axum] as the HTTP server.
+- [Tonic] as the gRPC server.
+
+[Hyper]: https://github.com/hyperium/hyper
+[Axum]: https://github.com/tokio-rs/axum
+[Tonic]: https://github.com/hyperium/tonic
+[tls-listener]: https://github.com/tmccombs/tls-listener
+[tokio-rustls]: https://github.com/rustls/tokio-rustls
+
+## Curl
+
+### non-TLS
+
+```shell
+curl -v http://127.0.0.1:36849/
+curl -v http://127.1.0.1:36849/
+curl --http2-prior-knowledge --insecure -vv https://127.0.0.1:36849/
+```
+
+### TLS with ALPN
+
+```shell
+curl --insecure -v https://127.0.0.1:36850/
+curl --http1.1 --insecure -vv https://127.0.0.1:36850/
+curl --http2 --insecure -vv https://127.0.0.1:36850/
+```
+
+## nghttp (HTTP/2)
+
+```shell
+nghttp -v http://127.0.0.1:36849
+nghttp -y -v https://127.0.0.1:36850
+```
+
 ## gRPC testing
 
 Use gRPC reflection to introspect the service: 
 
 ```shell
-grpcurl --plaintext --use-reflection 127.0.0.1:50052 list
+grpcurl --plaintext --use-reflection 127.0.0.1:36849 list
+grpcurl --insecure --use-reflection 127.0.0.1:36850 list
 ```
 
 Send a test request:
 
 ```shell
-grpcurl --plaintext --use-reflection -d '{ "message": "World" }' 127.0.0.1:50052 example.YourService/YourMethod
+grpcurl --plaintext --use-reflection -d '{ "message": "World" }' 127.0.0.1:36849 example.YourService/YourMethod
+grpcurl --insecure --use-reflection -d '{ "message": "World" }' 127.0.0.1:36850 example.YourService/YourMethod
 ```
+
+## Recommended reads
+
+The _Combining Axum, Hyper, Tonic, and Tower for hybrid web/gRPC apps_ series:
+
+- [Part 1: Overview of Tower](https://www.fpcomplete.com/blog/axum-hyper-tonic-tower-part1/)
+- [Part 2: Understanding Hyper, and first experiences with Axum](https://www.fpcomplete.com/blog/axum-hyper-tonic-tower-part2/)
+- [Part 3: Demonstration of Tonic for a gRPC client/server](https://www.fpcomplete.com/blog/axum-hyper-tonic-tower-part3/)
+- [Part 4: How to combine Axum and Tonic services into a single service](https://www.fpcomplete.com/blog/axum-hyper-tonic-tower-part4/)
diff --git a/certs/server.crt b/certs/server.crt
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFwTCCA6mgAwIBAgIUPnWB8oaSufyY/RTe3j6sSP1rMi4wDQYJKoZIhvcNAQEL
+BQAwbzELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVy
+bGluMRQwEgYDVQQKDAt3aWRlbWVhZG93czEUMBIGA1UECwwLd2lkZW1lYWRvd3Mx
+EjAQBgNVBAMMCWxvY2FsaG9zdDAgFw0yMzExMDMyMTEyMDNaGA8yMTIzMTAxMDIx
+MTIwM1owbzELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwG
+QmVybGluMRQwEgYDVQQKDAt3aWRlbWVhZG93czEUMBIGA1UECwwLd2lkZW1lYWRv
+d3MxEjAQBgNVBAMMCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
+AgoCggIBAM8TJ3266Hxoy7qH+/fgdvkF+G6MlPVljzyAKMxkXGenwSWqL7yhUe65
+KOc4zhkGra1Hu2gkwyNyMbZ3Jo+McG57Mel5H58u9mBSaO90QqqKnqYJZQTCpaN3
+Er+ofBstmX5dodCns5QkHITvsgNc3r1byaNM8tblyfHg4SxmQFDOE/7uZoVwT1s0
+/o2FhP9xnbih6u2C/jqewLc9U9qLMJdsoyPrpY4461hR1KVERUMXhMJ4qAK8Rx8o
+yWysht1/q0/5KcsjGPM/bI96nCuhKNIGjxztxW3EBE8XweI6juPU0fVAVrc8WlLy
+l1knh8PtsLN8/Zjt7a2WzFJ7Bm0E0B1Kuq9Ak2ioGRjhxZHjvWpLxskjeHxQ3OKo
+3EozVbggHFyX/hVQT4h9D0AzyVZltTSGQAO1tYntADxKTOKuUIaK75zSrLxljIHa
+Bkwclv4XmymWUFVXCax8MeZYqpVv0ldQcKjJXMsQVrhz5LEnAmdAZ3mNYu72PY/Q
+BxwU9Oml7AZb/yN6fpbV0DvTLLs7J+9uBr650lfxhIO5g1hNFxxAvPtyN2BlWCJZ
+HRuSRD7Y1hfW15i5G2nVXCQgOw2YS9x4FZexhInsx6rZhC7JqdVpDwsaZNJi2mLb
+9qBEzYV4R84rGksiWpKMzpG6/IlH/JxBCzmMDyLyPClbvPLkkdWBAgMBAAGjUzBR
+MB0GA1UdDgQWBBQLmLQju6nFGHR5tDq139kATq1QEjAfBgNVHSMEGDAWgBQLmLQj
+u6nFGHR5tDq139kATq1QEjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
+A4ICAQCD2leDQVm2qtmVZuQSXSMyBccOI7Yq/dS8N+XBcPStZVhOFZF0s+8qU9sV
+Ymnmguwz33nUM5RtpwsNXjQQgmNHHPPBidPTSpPqhmBc2msGJ5rbEXACdC2YaDNy
+Y3nbiB2L5Mff17+DIlZlJy70Cd72dbQErhos1Re2Rl0qQ0ign3a+jxC9FhW7w4M+
++s1mum+kTriCGl94zLOBvfoYIpqTXoZpt0QxOV73zLY3DZVHbz+tJ8NziszSAGHo
+8rWea+p+1J6cIE1LFSt64Qb0MhtgBDYL208PQt5vv0iv+kLawZPNJMqVAvjyTdlz
+JMNc84W2rUbCNqblHRNylzs24RI0VLH5oHLaSUNTyQ7G9iSBvPQgOjU2ipVYruRS
+NYUn4wNlXkjI9wgVRN1kKAAgGJxeYd+hm9ZlSot+CQyWlz6/TryWIhQBGPdPoFyN
+BNq+FO6s3oVs3T+bSaQRcBJV5xVGG0yoUd3OEWIQODqiQsqTi7SJ1MYaeQ09vvw5
+lOMlrUAvhUV75Zh5o7TwH1Qd915/bygZq8f2Nn7P+Fld3+GZ/8yvfQYWRehfkiy8
+aN7z0JsIRv/Smi+trhieLy9uAPKoP/VaPv5f9/uCaFlBM//8qGvCBeE9r8OgtV7q
+7fI8BjgO0Pi2YdIbW1w5qqa57hozskkUf/IGlwrDa8ZlBstZmg==
+-----END CERTIFICATE-----