possible to support tls?

[ouvaa]

what is the current workaround other than putting a tls terminator e.g. nginx in front?

hertz already have tls, just wondering why / how does hertz have it when netpoll and kitex cant have it. not sure how the tls layer is done.

also, how much work is it to port hertz's tls to netpoll / kitex etc?
sry for my newbie question.

[GuangmingLuo]

As you know, TLS is not supported in Netpoll.
For Hertz, you may switch to go net lib instead if you need TLS.
For RPC (Kitex), it's similar. But I recommand to use Envoy as a sidecar to support mTLS.

[kolinfluence]

i've tried chatgpt for answer but it's useless and not working.

can you show an example code for kitex rpc using tls? envoy is too troublesome and needing to route through tcp. would prefer to use tls code within prorgram.

[felix021]

As replied before, Kitex doesn't support TLS natively with netpoll.

You may switch to gonet with server.WithTransHandlerFactory:

f := detection.NewSvrTransHandlerFactory(
    gonet.NewSvrTransHandlerFactory(),
    nphttp2.NewSvrTransHandlerFactory(), // it's necessary for gRPC support
)

svr := yourservice.NewServer(handler, server.WithTransHandlerFactory(f))