3

I'm trying to run a netty server with a GRPC API on AWS ECS (on Fargate) behind an application load balancer for an Android GRPC client to connect to. Calls are forwarded, but the server logs show an error like:

io.grpc.netty.shaded.io.netty.handler.codec.http2.Http2Exception: HTTP/2 client preface string missing or corrupt. Hex dump for received bytes: 1603010102010000fe03036a5663244616ee784100b9d61c

I've read here that such an error is related to the client and server not both using SSL, which arguably is true in my case.

The server itself is not configured to use SSL (I wouldn't know which certificate to deploy it with). The ALB provides an ACM public certificate to the client and should, I would expect, do SSL offloading. However, the fact that I cannot configure the load balancing target group with a protocol other than HTTPS when the protocol version is GRPC indicates otherwise.

Can anyone clarify this for me or provide a working example?

This is the relevant ALB config of my cfn template:

  ApplicationLoadBalancer:
    Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
    Properties:
      Name: my-alb
      Scheme: "internet-facing"
      Type: "application"
      Subnets:
        - !Ref public-sn-1
        - !Ref public-sn-2
      SecurityGroups:
        - !Ref ALBSecurityGroup
      IpAddressType: "ipv4"

  HubListener:
    Type: "AWS::ElasticLoadBalancingV2::Listener"
    Properties:
      LoadBalancerArn: !Ref ApplicationLoadBalancer
      Port: 50051
      Protocol: HTTPS
      SslPolicy: "ELBSecurityPolicy-2016-08"
      Certificates:
        - CertificateArn: !Ref AlbCertificateArn
      DefaultActions:
        - Order: 1
          TargetGroupArn: !Ref HubTargetGroup
          Type: "forward"

  HubTargetGroup:
    Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
    Properties:
      Port: 50051
      Protocol: HTTPS
      ProtocolVersion: GRPC
      HealthCheckEnabled: true
      HealthCheckPath: "/grpc.health.v1.Health/Check"
      HealthCheckPort: "traffic-port"
      HealthCheckProtocol: HTTP
      TargetType: ip
      Matcher:
        GrpcCode: 0
      VpcId: !Ref VpcId
Bakkenrak

1 Answer

3

Turns out the target group just needs to be switched to protocol HTTP for the SSL offloading to work.

I had initially assumed that this would not be permitted, since a listener forwarding to a GRPC target group must use HTTPS as its protocol, but that constraint does not apply to the target group itself.

Bakkenrak
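
The hex dump in the question's error message can be decoded to see what the server actually received. The following is an added example, not code from the original posts; the function and constant names are hypothetical. It shows the bytes are a TLS ClientHello, which is consistent with the HTTPS target group making the load balancer speak TLS to a server that expects the plaintext HTTP/2 preface.

```python
# Added example (not from the original posts): classify the bytes in a netty
# "HTTP/2 client preface string missing or corrupt" hex dump.
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"  # cleartext HTTP/2 client preface
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello"}
HTTP1_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")

# Hex dump copied from the error message in the question.
QUESTION_HEX_DUMP = "1603010102010000fe03036a5663244616ee784100b9d61c"


def classify_first_bytes(hex_dump: str) -> dict:
    """Say what kind of traffic the first received bytes belong to."""
    data = bytes.fromhex(hex_dump.strip())
    if not data:
        return {"kind": "empty"}
    # Plaintext HTTP/2: the dump (possibly truncated) starts like the preface.
    n = min(len(data), len(H2_PREFACE))
    if data[:n] == H2_PREFACE[:n]:
        return {"kind": "http2-cleartext-preface"}
    # TLS record header: content type (1), version (2), length (2).
    # Content type 0x16 is "handshake"; the version major byte is always 3.
    if len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03:
        info = {
            "kind": "tls-handshake",
            "record_version": TLS_VERSIONS.get(int.from_bytes(data[1:3], "big"), "unknown"),
            "record_length": int.from_bytes(data[3:5], "big"),
        }
        # Handshake header: message type (1), length (3).
        if len(data) >= 9:
            info["handshake_type"] = HANDSHAKE_TYPES.get(data[5], f"type {data[5]}")
            info["handshake_length"] = int.from_bytes(data[6:9], "big")
        # ClientHello body starts with legacy_version; this is a legacy field,
        # not necessarily the TLS version that would end up negotiated.
        if len(data) >= 11 and data[5] == 1:
            info["legacy_version"] = TLS_VERSIONS.get(int.from_bytes(data[9:11], "big"), "unknown")
        return info
    # HTTP/1.x request line, e.g. a health check sent without HTTP/2.
    method = data.split(b" ", 1)[0]
    if method in HTTP1_METHODS:
        return {"kind": "http1-request", "method": method.decode()}
    return {"kind": "unknown"}


if __name__ == "__main__":
    print(classify_first_bytes(QUESTION_HEX_DUMP))
```
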