
Glowroot - GRPC, SSL, and AWS


I have an application that successfully runs the Glowroot Agent. I'm trying to set up a Glowroot Collector for the agent to communicate with.

In my local environment, I run the collector at glowroot.local.mydomain.com with a self-signed certificate, with gRPC using SSL via an NGINX proxy sitting in front of Glowroot, each in its own Docker container. This works fine.

My problem arises when I deploy to AWS. With our other (large) applications, we run on EC2 with an ALB in front, using certificates from ACM, with SSL terminating at the LB.

I'm trying to do the same with Glowroot - running at glowroot.staging.mydomain.com (and eventually at just glowroot.mydomain.com) - but given that Glowroot requires gRPC, which in turn requires HTTP/2, I can't get it to work with an ALB, given that ALBs always convert HTTP/2 requests to HTTP/1.1.

I've looked at Classic LBs, but they don't do SSL termination, which is an obvious issue, and I couldn't get an NLB to work.

Has anyone got any experience with resolving this kind of issue? I've seen that if the gRPC requests are coming from a browser then gRPC-Web is an option, but what if the requests are coming from another service (in this case the Glowroot agent)?


Solution

  • So I ended up fixing this by running Glowroot on an EC2 with no load balancing, running Traefik as a proxy, and using Traefik's pretty simple integration with Let's Encrypt for SSL.
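
A Traefik setup of the kind the answer describes, added here as an illustration and not the poster's actual configuration. It assumes Traefik v2 file-provider syntax, the Glowroot collector's gRPC listener on 127.0.0.1:8181, and a placeholder ACME e-mail address; the two files are shown in one block, separated by comments.

```yaml
# ---- traefik.yml (static configuration) ----
entryPoints:
  grpc:
    address: ":443"                 # only port exposed to the agents

certificatesResolvers:
  letsencrypt:
    acme:
      email: ops@example.com        # placeholder address (assumption)
      storage: /letsencrypt/acme.json   # holds the private key; Traefik requires mode 600
      tlsChallenge: {}              # TLS-ALPN-01: port 443 must be reachable by the CA

providers:
  file:
    filename: /etc/traefik/dynamic.yml

# ---- /etc/traefik/dynamic.yml (dynamic configuration) ----
http:
  routers:
    glowroot-collector:
      entryPoints:
        - grpc
      rule: "Host(`glowroot.staging.mydomain.com`)"
      service: glowroot-collector
      tls:
        certResolver: letsencrypt   # TLS terminates here, HTTP/2 offered via ALPN

  services:
    glowroot-collector:
      loadBalancer:
        servers:
          # h2c = cleartext HTTP/2 to the backend, so the gRPC stream is
          # proxied as HTTP/2 instead of being downgraded to HTTP/1.1.
          # Port 8181 is an assumption about the collector's gRPC listener.
          - url: "h2c://127.0.0.1:8181"
```

Because the hop from Traefik to the collector is unencrypted, keep the collector bound to loopback or a private interface and restrict the instance's security group to port 443.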