How to enable TLS for gRPC
In the Microservices Tutorial there’s a guide on creating a gRPC server using Akka HTTP and Akka gRPC. That example, though, will only bind a server supporting plaintext HTTP.
Enabling TLS for gRPC doesn’t differ from enabling TLS for other application protocols served over HTTP. You will need to follow these 3 steps:
- obtain a certificate
- create an HttpsConnectionContext
- set up the Http instance to use the HttpsConnectionContext
Follow the Akka HTTP documentation for details on each of those steps.
Note that since gRPC requires HTTP/2, when you enable TLS for gRPC you also need to support Application-Layer Protocol Negotiation (ALPN), which client and server use to negotiate whether both support HTTP/2. The JVM provides ALPN support starting from JDK 8u252. Make sure you run that version or a later one.
See also the documentation on using the newServerAt(…).bind() API when serving HTTPS.
Consume gRPC services over TLS
When consuming a gRPC service that’s served over an encrypted (non-plaintext) connection, you must set up the GrpcClientSettings to enable TLS and, optionally, reconfigure the ssl-provider if you want to fine-tune which implementation to use. See the documentation for gRPC Client Configuration for all the details.
Advanced configurations
If you want to run both HTTP and HTTPS side by side you must create two Http instances and bind each instance to a different port. Both instances should share a single Route instance.
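The three server-side steps and the side-by-side binding described above, as an added Scala example that is not taken from the Akka documentation. The PKCS#12 keystore path, the password argument, the ports and the names TlsGrpcServer, httpsContext and bindBoth are assumptions; handler stands in for the service's shared request handler.

```scala
import java.io.FileInputStream
import java.security.{KeyStore, SecureRandom}
import javax.net.ssl.{KeyManagerFactory, SSLContext}

import scala.concurrent.Future

import akka.actor.ActorSystem
import akka.http.scaladsl.{ConnectionContext, Http, HttpsConnectionContext}
import akka.http.scaladsl.model.{HttpRequest, HttpResponse}

// Hypothetical helper object, not part of Akka.
object TlsGrpcServer {

  // Step 1 is assumed done: a PKCS#12 file holding the server certificate
  // chain and private key (path and password supplied by the caller).

  // Step 2: turn the keystore into an HttpsConnectionContext.
  def httpsContext(p12Path: String, password: Array[Char]): HttpsConnectionContext = {
    val keyStore = KeyStore.getInstance("PKCS12")
    val in = new FileInputStream(p12Path)
    try keyStore.load(in, password) finally in.close()

    val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm)
    kmf.init(keyStore, password)

    val sslContext = SSLContext.getInstance("TLS")
    // No custom trust managers: this server does not request client certificates.
    sslContext.init(kmf.getKeyManagers, null, new SecureRandom)
    ConnectionContext.httpsServer(sslContext)
  }

  // Step 3, plus the side-by-side setup: two bindings on different ports
  // that share one handler. Ports 8080 and 8443 are illustrative.
  def bindBoth(
      handler: HttpRequest => Future[HttpResponse],
      https: HttpsConnectionContext
  )(implicit system: ActorSystem): (Future[Http.ServerBinding], Future[Http.ServerBinding]) = {
    val plain = Http().newServerAt("127.0.0.1", 8080).bind(handler)
    val tls   = Http().newServerAt("127.0.0.1", 8443).enableHttps(https).bind(handler)
    (plain, tls)
  }
}
```

Pass the keystore password in from a secret store or environment at startup rather than embedding it in source or configuration committed to version control.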