keymaster
keymaster cli doesn't work w/ keymaster behind AWS ALB
For not-so-great reasons, I am unable to put the valid x509 cert on the keymaster server. For this reason I am terminating https on an ALB. This works fine for the browser, but I am unable to get the keymaster cli to work through this, receiving HTTP 464.
As a workaround I had added golang.org/x/net/http2 and ensured every request in the client had client.Transport = &http2.Transport{}. This unblocked my issue.
HTTP 464
The load balancer received an incoming request protocol that is incompatible with the version config of the target group protocol.
Possible causes:
The request protocol is an HTTP/1.1, while the target group protocol version is a gRPC or HTTP/2.
The request protocol is a gRPC, while the target group protocol version is an HTTP/1.1.
The request protocol is an HTTP/2 and the request is not POST, while target group protocol version is a gRPC.
I am back, @erikespinoza can you share your AWS ALB configuration (also, is this still an issue?)
I have a workaround where I force the connection to http2 in the keymaster client. It's fine for us and I think we can mark this as resolved if terminating TLS on ALB is not a supported strategy.
The ALB is configured to have the valid cert, listens on 443 and points to 443 on the host running keymaster.
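An added example, not part of the thread and not keymaster's code: it shows which protocol a Go client ends up speaking with and without HTTP/2 forced, using the standard library's ForceAttemptHTTP2 in place of the http2.Transport workaround described above. It assumes the client builds its transport with a custom TLSClientConfig, which makes net/http stay on HTTP/1.1 by default. The local test server answers both protocols, whereas the ALB in the thread returns 464 for the HTTP/1.1 case.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// negotiatedProto sends one GET and reports the protocol the client spoke.
func negotiatedProto(c *http.Client, url string) (string, error) {
	defer c.CloseIdleConnections()
	resp, err := c.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	return resp.Proto, nil
}

// compare runs both client configurations against a local TLS test server
// with HTTP/2 enabled (a constructed stand-in for the HTTPS listener).
func compare() (plain, forced string, err error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, r.Proto) }))
	srv.EnableHTTP2 = true
	srv.StartTLS()
	defer srv.Close()

	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate()) // trust only the test server's certificate

	// Assumed client setup: a custom TLSClientConfig and nothing else.
	// net/http then conservatively disables HTTP/2 on this transport.
	h1 := &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool}}}
	// Same TLS settings, with HTTP/2 requested explicitly.
	h2 := &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool}, ForceAttemptHTTP2: true}}

	if plain, err = negotiatedProto(h1, srv.URL); err != nil {
		return "", "", err
	}
	forced, err = negotiatedProto(h2, srv.URL)
	return plain, forced, err
}

func main() {
	fmt.Println(compare())
}
```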