-
Notifications
You must be signed in to change notification settings - Fork 25.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add gRPC troubleshoot article (#13767)
- Loading branch information
Showing
4 changed files
with
120 additions
and
41 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,117 @@ | ||
| --- | ||
| title: Troubleshoot gRPC on .NET Core | ||
| author: jamesnk | ||
| description: Troubleshoot errors when using gRPC on .NET Core. | ||
| monikerRange: '>= aspnetcore-3.0' | ||
| ms.author: jamesnk | ||
| ms.custom: mvc | ||
| ms.date: 08/12/2019 | ||
| uid: grpc/troubleshoot | ||
| --- | ||
| # Troubleshoot gRPC on .NET Core | ||
|
|
||
| By [James Newton-King](https://twitter.com/jamesnk) | ||
|
|
||
| ## Mismatch between client and service SSL/TLS configuration | ||
|
|
||
| The gRPC template and samples use [Transport Layer Security (TLS)](https://tools.ietf.org/html/rfc5246) to secure gRPC services by default. gRPC clients need to use a secure connection to call secured gRPC services successfully. | ||
|
|
||
| You can verify the ASP.NET Core gRPC service is using TLS in the logs written on app start. The service will be listening on an HTTPS endpoint: | ||
|
|
||
| ``` | ||
| info: Microsoft.Hosting.Lifetime[0] | ||
| Now listening on: https://localhost:5001 | ||
| info: Microsoft.Hosting.Lifetime[0] | ||
| Application started. Press Ctrl+C to shut down. | ||
| info: Microsoft.Hosting.Lifetime[0] | ||
| Hosting environment: Development | ||
| ``` | ||
|
|
||
| The .NET Core client must use `https` in the server address to make calls with a secured connection: | ||
|
|
||
| ```csharp | ||
| static async Task Main(string[] args) | ||
| { | ||
| var httpClient = new HttpClient(); | ||
| // The port number(5001) must match the port of the gRPC server. | ||
| httpClient.BaseAddress = new Uri("https://localhost:5001"); | ||
| var client = GrpcClient.Create<Greeter.GreeterClient>(httpClient); | ||
| } | ||
| ``` | ||
|
|
||
| All gRPC client implementations support TLS. gRPC clients from other languages typically require the channel configured with `SslCredentials`. `SslCredentials` specifies the certificate that the client will use, and it must be used instead of insecure credentials. For examples of configuring the different gRPC client implementations to use TLS, see [gRPC Authentication](https://www.grpc.io/docs/guides/auth/). | ||
|
|
||
| ## Call insecure gRPC services with .NET Core client | ||
|
|
||
| Additional configuration is required to call insecure gRPC services with the .NET Core client. The gRPC client must set the `System.Net.Http.SocketsHttpHandler.Http2UnencryptedSupport` switch to `true` and use `http` in the server address: | ||
|
|
||
| ```csharp | ||
| // This switch must be set before creating the HttpClient. | ||
| AppContext.SetSwitch("System.Net.Http.SocketsHttpHandler.Http2UnencryptedSupport", true); | ||
|
|
||
| var httpClient = new HttpClient(); | ||
| // The port number(5000) must match the port of the gRPC server. | ||
| httpClient.BaseAddress = new Uri("http://localhost:5000"); | ||
| var client = GrpcClient.Create<Greeter.GreeterClient>(httpClient); | ||
| ``` | ||
|
|
||
| ## Unable to start ASP.NET Core gRPC app on macOS | ||
|
|
||
| Kestrel doesn't support HTTP/2 with TLS on macOS and older Windows versions such as Windows 7. The ASP.NET Core gRPC template and samples use TLS by default. You'll see the following error message when you attempt to start the gRPC server: | ||
|
|
||
| > Unable to bind to https://localhost:5001 on the IPv4 loopback interface: 'HTTP/2 over TLS is not supported on macOS due to missing ALPN support.'. | ||
| To work around this issue, configure Kestrel and the gRPC client to use HTTP/2 *without* TLS. You should only do this during development. Not using TLS will result in gRPC messages being sent without encryption. | ||
|
|
||
| Kestrel must configure an HTTP/2 endpoint without TLS in *Program.cs*: | ||
|
|
||
| ```csharp | ||
| public static IHostBuilder CreateHostBuilder(string[] args) => | ||
| Host.CreateDefaultBuilder(args) | ||
| .ConfigureWebHostDefaults(webBuilder => | ||
| { | ||
| webBuilder.ConfigureKestrel(options => | ||
| { | ||
| // Setup a HTTP/2 endpoint without TLS. | ||
| options.ListenLocalhost(5000, o => o.Protocols = HttpProtocols.Http2); | ||
| }); | ||
| webBuilder.UseStartup<Startup>(); | ||
| }); | ||
| ``` | ||
|
|
||
| The gRPC client must also be configured to not use TLS. For more information, see [Call insecure gRPC services with .NET Core client](#call-insecure-grpc-services-with-net-core-client). | ||
|
|
||
| > [!WARNING] | ||
| > HTTP/2 without TLS should only be used during app development. Production apps should always use transport security. For more information, see [Security considerations in gRPC for ASP.NET Core](xref:grpc/security#transport-security). | ||
| ## gRPC C# assets are not code generated from *\*.proto* files | ||
|
|
||
| gRPC code generation of concrete clients and service base classes requires protobuf files and tooling to be referenced from a project. You must include: | ||
|
|
||
| * *.proto* files you want to use in the `<Protobuf>` item group. [Imported *.proto* files](https://developers.google.com/protocol-buffers/docs/proto3#importing-definitions) must be referenced by the project. | ||
| * Package reference to the gRPC tooling package [Grpc.Tools](https://www.nuget.org/packages/Grpc.Tools/). | ||
|
|
||
| For more information on generating gRPC C# assets, see <xref:grpc/basics>. | ||
|
|
||
| By default, a `<Protobuf>` reference generates a concrete client and a service base class. The reference element's `GrpcServices` attribute can be used to limit C# asset generation. Valid `GrpcServices` options are: | ||
|
|
||
| * `Both` (default when not present) | ||
| * `Server` | ||
| * `Client` | ||
| * `None` | ||
|
|
||
| An ASP.NET Core web app hosting gRPC services only needs the service base class generated: | ||
|
|
||
| ```xml | ||
| <ItemGroup> | ||
| <Protobuf Include="Protos\greet.proto" GrpcServices="Server" /> | ||
| </ItemGroup> | ||
| ``` | ||
|
|
||
| A gRPC client app making gRPC calls only needs the concrete client generated: | ||
|
|
||
| ```xml | ||
| <ItemGroup> | ||
| <Protobuf Include="Protos\greet.proto" GrpcServices="Client" /> | ||
| </ItemGroup> | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters