GRPC not working with https #7248
Comments
AdrianoAE
added
B-bug
|
This seems to be more of a DNS problem that a TLS problem. Can you try to consume |
|
I've tried that, but gave it another try |
|
any update on this? |
|
AFAIK it's atypical to use a http protocol to connect to a grpc server. Without a proxy, a regular gRPC server is expecting Please provide screenshots of both postman and insomnia including the request and response panes |
|
There isn't much to show, it simply works with Postman
The implementation is done by Microsoft under https://github.com/grpc/grpc-dotnet Tried with
|
|
Same problem. I'm exposing a .NET Web API on 5002 (HTTP) and (5052 (HTTPS), after creating a project from the .NET GRPC service template. HTTP works. In Postman both just works. Setup: HTTP response: HTTPS response: |
|
Postman is a closed source project. So I can't compare their implementation to insomnia, if you could try grpcurl or grpcui and let us know if it works for you that would be a huge help for us to solve this for you. @modestotech could you take a look at the .NET logs and see if this comment looks familar grpc/grpc-node#2340 (comment) |
|
here's the endpoint tried via grpcurl here's the endpoint tried via postman, here's the error in insomnia, |
|
I have the same issue. After some testing: use grpcs:// insted of https! |
|
@jackkav any feedback based on the last comments? |
|
Same here. |
|
You must provide grpcs:// in order to use gRPC TLS.
gRPC/S is not reachable over HTTP/S. From your screenshot I see that in postman you don't provide a protocol fragment in your url and it is assuming you have TLS enabled. Insomnia works similarly but we assume you are not using TLS if you don't provide the protocol. As you can see TLS is only enabled when grpcs is provided. gRPC doesn't gracefully downgrade, so insomnia needs to know if your server has TLS enabled or not and the grpcs:// prefix implicitly tells it that. I'm not sure changing this default will be desirable for our existing users. I'm also unsure of any UX that would make this clearer without introducing more inconsistency between various request types. As in the case of @Gradlon providing the protocol is the solution here. |
|
Thanks for your answer @jackkav but as I mentioned previously it also does not work with grpcs: grpcs://127.0.0.1:51811 |
|
@AdrianoAE were you able to get it to work with the two other open source grpc clients I listed above?
According to this issue, and the linked article, there are 2 forms of gRPC TLS. Insomnia only currently supports insecure and service side TLS. It is possible your server is expecting a mutual TLS connection. If that were the case, we would need to wire up a cert config to both HTTP and gRPC requests and you would need to provide insomnia with a 3 certificate files to pass to the server. I can take a look and see if we can add mTLS support in #8002 but I'm still not sure this is the issue you are facing since its not clear if you have implemented server side TLS or mutual TLS. |
|
Hello, @jackkav. I am trying to do the same as the others above. syntax = "proto3";
service Greeter {
rpc SayHello (HelloRequest) returns (HelloReply);
}
message HelloRequest {
string name = 1;
}
message HelloReply {
string message = 1;
}I tried using $ docker run fullstorydev/grpcurl host.docker.internal:5001 Greeter/SayHello
Failed to dial target host "host.docker.internal:5001": tls: failed to verify certificate: x509: certificate is valid for localhost, Riddle, not host.docker.internal
This is expected because I had not added "host.docker.internal" to the self-signed certificate. After adding it, I ran the same command again and received the following error: $ docker run fullstorydev/grpcurl host.docker.internal:5001 Greeter/SayHello
Failed to dial target host "host.docker.internal:5001": tls: failed to verify certificate: x509: certificate signed by unknown authority
This is correct because the CA is not trusted. Since I wanted to make an insecure request, I configured $ docker run fullstorydev/grpcurl -insecure host.docker.internal:5001 "Greeter/SayHello"
{
"message": "Olá"
}
Then, I went to $ .\grpcui.exe -insecure localhost:5001
Then, I went to Postman, disabled server certificate validation in the settings, and it worked as well. Next, I went to Insomnia, and in Application > Preferences, I unchecked the "Validate certificates" checkbox to disable certificate validation. When calling the same host and port, but adding grpcs:// at the beginning, I received a certificate error: Since adding |
|
Additionally, I saw in .NET console that when a request WORKS, I get the following logs: However, when I call from Insomnia and it DOES NOT WORK, I got these logs. |
|
I got the logs from Insomnia logs folder. Holpe it helps. |
|
Just a thought... Since I am seeing the log https://github.com/Kong/insomnia/blob/08e20b65d03d213eb2cee275de0 insomnia/packages/insomnia/src/main/ipc/grpc.ts Lines 362 to 365 in 08e20b6 @jackkav, is it possible that we should use The While the I saw this PR on grpc/grpc-node adding reject authorization for TLS 2 days ago. Maybe this is also an alternative to be passed in |
|
@darnley Nice catch, thanks for sharing. I think we could just wire up this skip verification argument to the insomnia general preferences and it should unblock this. I think we need to wait a week or two for the next grpc-js to go out. I tried to use createInsecure with a local gRPC tls server and got the same |
Good! I think that the fix on grpc/grpc-node#2812 and grpc/grpc-node#2811 that enable us to configure reject unauthorized will fix this issue. I setup my PC to set environment variable
Then I did the same request in Insomnia and IT WORKED!
|
|
grpc-js 1.12.0 landed! So I'll be upgrading grpc-js in #8044 and wiring up reject unauthorized in a follow up PR so expect this to be coming next week. A little later I'll try to add mTLS support too. |
Expected Behavior
Be able to call GRPC server with https endpoint.
Actual Behavior
When running GRPC server in .NET the endpoint will be
https://localhost:XXXX, the current parser does not allow to specify https and the connection fails.Error invoking remote method 'grpc.loadMethodsFromReflection': Error: 14 UNAVAILABLE: Name resolution failed for target dns:https://localhost:51811The server is running properly since Postman has no issues, insomnia can't connect at all. Replacing https with grpcs does not work.
Reproduction Steps
No response
Is there an existing issue for this?
Additional Information
No response
Insomnia Version
8.6.1
What operating system are you using?
Windows
Operating System Version
Windows 11
Installation method
insomnia.rest
Last Known Working Insomnia version
No response
The text was updated successfully, but these errors were encountered: