Hi, I am trying to setup tyk as API gateway for gRPC passthrough proxy. I am referring to this document gRPC Proxy for the setup.
I am using tyk open source setup (GitHub - TykTechnologies/tyk-gateway-docker: Docker compose deployment to run Tyk OSS Gateway ). I have added the following configuration for tyk
"http_server_options": {
"enable_websockets": true,
"enable_http2" : true,
"proxy_enable_http2": true
},
However, this seems to give an issue with permission denied when I am trying to access the grpc service.
Do we need dashboard for grpc proxy or is open source sufficient ?
Olu
March 30, 2023, 8:47am
2
@sharathchandramg Welcome to the community.
Could you share the permission denied error message you are getting?
From your config I can see proxy_enabled_http2 is a child of http_server_options . But it should be in at the root of the config instead.
No, you don’t need the dashboard. The gateway is sufficient
@Olu Thanks for clarification on the requirement for tyk dashboard.
ERROR:
Code: Unimplemented
Message: unexpected HTTP status code received from server: 404 (Not Found); transport: received unexpected content-type "text/plain; charset=utf-8"
I have a sample grpc service which I am able to invoke locally with
grpcurl --plaintext -d '{"name": "test111"}' localhost:9000 com.<package_name>.v1.HelloService/SayHello
However on running the grpc docker container, I am tying to invoke the same service with
grpcurl --plaintext --proto src/main/proto/random/hello.proto localhost:8080 com.cuezen.nsapi.schema.v1.HelloService/SayHello
The configuration for apps is
{
"name": "Hello Test API",
"api_id": "100",
"org_id": "default",
"proxy": {
"listen_path": "/SayHello",
"target_url": "h2c://localhost:9000",
"strip_listen_path": false
}
}
Is there any configuration I am missing here ?
Olu
March 30, 2023, 1:43pm
4
Well you are missing a couple of configurations. Version and auth mode
"use_keyless": true,
"version_data": {
"not_versioned": true,
"default_version": "",
"versions": {
"Default": {
"name": "Default",
"expires": "",
"paths": {},
"use_extended_paths": true,
"extended_paths": {}
}
}
}
But those are not the ones causing the issue. I see you have specified a listen path for your API. It should be the root path /
You also mentioned you are using docker. You may need to access localhost from the host inside the docker container .
@Olu , Thanks for the reply. I have added the version and auth mode configurations.
I tried updating the configuration on tyk apps to ensure that container can connect to host (nginx - From inside of a Docker container, how do I connect to the localhost of the machine? - Stack Overflow )
{
"name": "Hello Test API",
"api_id": "100",
"org_id": "default",
"proxy": {
"listen_path": "/",
"target_url": "h2c://<ip_address>:9000",
"strip_listen_path": false
}
}
{
"name": "Hello Test API",
"api_id": "100",
"org_id": "default",
"proxy": {
"listen_path": "/",
"target_url": "h2c://host.docker.internal:9000",
"strip_listen_path": false
}
}
With both of these I am getting the permission denied error
ERROR:
Code: PermissionDenied
Message: unexpected HTTP status code received from server: 403 (Forbidden); transport: received unexpected content-type "application/json"
What does this error mean ?
Olu
March 31, 2023, 8:48am
6
It means you haven’t added the version and auth mode. We have a schema that shows the minimum or required properties in an API definition. You can ignore the active property since that is a dashboard requirement instead.
{
"name": "Hello Test API",
"api_id": "100",
"org_id": "default",
"proxy": {
"listen_path": "/",
"target_url": "h2c://host.docker.internal:9000",
"strip_listen_path": false
},
"use_keyless": true,
"version_data": {
"not_versioned": true,
"default_version": "",
"versions": {}
}
}
If you examine the gateway logs , you may find more information about errors encountered. You may even enable debug logging to see more verbose logging.
If you are using docker then this thread would help
Hi, I am able to use tyk as grpc pass through with the suggested schema changes. Thanks a lot for the support @Olu