Lagom with gRPC with SSL enabled in production

I’m following the sample project “grpc-example-scala” and trying to implement a proof of concept for a system of microservices communicating using gRPC. I have issues when running it outside of SBT with SSL enabled, issues caused it seems by the fact that the HTTPS port is not exposed.

I added all the workarounds necessary to run the project in DEV mode (hard-coded HTTPS ports, mapping from service name to the HTTPS url) and I manage to run the runAll command using the provided SBT wrapper.

Now as a next step, I perform a docker:publish and start one service in a container using

docker run IMAGE_ID

I connect to the container using

docker container ls
docker exec -i -t CONTAINER_ID /bin/bash

and inside the container I do

bash-4.4$ netstat -tnlp

This outputs:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0* LISTEN 1/java
tcp 0 0* LISTEN 1/java

As you can see only the HTTP and the default Akka HTTP ports are exposed. The hard-coded HTTPS port is missing.

Same behavior can be observed when running the services inside a Kubernetes cluster and using the command to connect to the pod:

kubectl exec info-service-impl-deployment-7d44bffcf9-pfcml -c info-service-impl -it bash

I created the Kubernetes service using this YML file

apiVersion: "v1"
kind: Service
  name: info-service-impl-service
    - name: http
      port: 80
      targetPort: 9000
    - name: https
      port: 443
      targetPort: 11000
    app: info-service-impl
  type: LoadBalancer

where 11000 is defined in build.sbt

val info-service-impl-HTTPS-port = 11000
.settings(lagomServiceHttpsPort := info-service-impl-HTTPS-port)

The loaders are implemented along these lines

class InfoServiceLoader extends LagomApplicationLoader {

    def load(context: LagomApplicationContext): LagomApplication =
        new InfoServiceApplication(context) with AkkaDiscoveryComponents

    override def loadDevMode(context: LagomApplicationContext): LagomApplication =
        new InfoServiceApplication(context) with LagomDevModeComponents

and application.conf includes the required settings

play.application.loader = com.lagomgrpc.InfoServiceLoader
play.server.pidfile.path = /dev/null
play.http.secret.key = "change+me"
akka.discovery.method = akka-dns

Can you see any obvious explanation for this behavior?

lagomServiceHttpsPort only affects development mode. For production configuration, you should follow these instructions: