
gRPC TLS

Proto.Remote can secure communication channels using TLS certificates.

Generating a development certificate

# Self-signed development certificate for CN=localhost, valid for 365 days.
# -nodes writes key.pem without a passphrase, so restrict access to that file.
# NOTE(review): the certificate carries only a CN and no subjectAltName; clients
# that match host names against SAN entries may reject it - confirm for your client.
openssl req -x509 \
  -newkey rsa:2048 \
  -keyout key.pem \
  -out cert.pem \
  -days 365 \
  -nodes \
  -subj "/CN=localhost"

# Bundle the key and certificate into the PKCS#12 file loaded by the .NET examples.
# "password" is a development placeholder given on the command line.
openssl pkcs12 -export \
  -out localhost.pfx \
  -inkey key.pem \
  -in cert.pem \
  -passout pass:password

.NET

Server configuration:

// Load the PKCS#12 bundle (certificate plus private key) produced by the openssl step.
// The literal password matches the development bundle; outside development, supply it from configuration.
var serverCertificate = new X509Certificate2("localhost.pfx", "password");

// Bind the remote to the advertised host and serve gRPC over HTTPS.
var remoteConfig = GrpcNetRemoteConfig.BindTo(advertisedHost) with
{
    UseHttps = true,
    ConfigureKestrel = listenOptions =>
    {
        // HTTP/2 only, with the loaded certificate as the server certificate.
        listenOptions.Protocols = HttpProtocols.Http2;
        listenOptions.UseHttps(serverCertificate);
    }
};

Client validation:

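// Pin the server certificate. Only the public certificate (cert.pem from the
// openssl step) is loaded, so the client never needs the PFX holding the private key.
var pinnedCertificate = new X509Certificate2("cert.pem");

var handler = new HttpClientHandler();
// This callback replaces the default chain validation, which a self-signed
// certificate would fail: `errors` is ignored and the connection is accepted
// only when the presented certificate's thumbprint equals the pinned one.
handler.ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
    cert != null && cert.Thumbprint == pinnedCertificate.Thumbprint;

// Route the gRPC channel through the pinning handler.
var remoteConfig = GrpcNetRemoteConfig.BindToLocalhost() with
{
    UseHttps = true,
    ChannelOptions = new GrpcChannelOptions { HttpHandler = handler }
};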

Go

package main

import (
	"log"

	"github.com/asynkron/protoactor-go/actor"
	remote "github.com/asynkron/protoactor-go/remote"
	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials"
)

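// main starts a Proto.Actor remote on 127.0.0.1:8080 with TLS credentials set
// for both the gRPC server and the outgoing dial options.
func main() {
	// Load the server certificate and private key. Fail fast: with the error
	// ignored, a missing or unreadable file would leave the credentials nil.
	serverCreds, err := credentials.NewServerTLSFromFile("server.crt", "server.key")
	if err != nil {
		log.Fatalf("loading server TLS credentials: %v", err)
	}

	// Outgoing connections trust only the certificate(s) in server.crt. The
	// empty second argument sets no server-name override, so the certificate
	// must be valid for the address that peers dial.
	clientCreds, err := credentials.NewClientTLSFromFile("server.crt", "")
	if err != nil {
		log.Fatalf("loading client TLS credentials: %v", err)
	}

	cfg := remote.Configure("127.0.0.1", 8080,
		remote.WithServerOptions(grpc.Creds(serverCreds)),
		remote.WithDialOptions(grpc.WithTransportCredentials(clientCreds)),
	)

	remote.NewRemote(actor.NewActorSystem(), cfg).Start()
}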

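This configuration enables encrypted gRPC streaming between Proto.Actor nodes. Both examples authenticate only the server: neither requests a client certificate, so TLS by itself does not authenticate the connecting node.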