feat: enable TLS on GRPC server #6

Merged
merged 3 commits into from
Dec 19, 2023
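--- a/.env.sample
+++ b/.env.sample
@@ -10,6 +10,7 @@ SERVER_WEBSOCKET_WRITE_WAIT_INTERVAL_MS=5000
 SERVER_WEBSOCKET_PINGER_SIZE=1
 
 SERVER_GRPC_PORT=8081
+SERVER_GRPC_TLS_ENABLED=false
 
 WORKER_BUFFER_CHANNEL_SIZE=5
 WORKER_BUFFER_FLUSH_TIMEOUT_MS=5000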
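--- a/.env.test
+++ b/.env.test
@@ -11,6 +11,7 @@ SERVER_WEBSOCKET_WRITE_WAIT_INTERVAL_MS=1000
 SERVER_WEBSOCKET_PINGER_SIZE=1
 
 SERVER_GRPC_PORT=8081
+SERVER_GRPC_TLS_ENABLED=false
 
 WORKER_BUFFER_CHANNEL_SIZE=5
 WORKER_BUFFER_FLUSH_TIMEOUT_MS=5000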
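--- a/config/server.go
+++ b/config/server.go
@@ -31,7 +31,10 @@ type serverWs struct {
 }
 
 type serverGRPC struct {
-Port string
+Port string
+TLSEnabled bool
+TLSCertPath string
+TLSPublicKey string
 }
 
 func serverConfigLoader() {
@@ -71,9 +74,14 @@ func serverWsConfigLoader() {
 }
 
 func serverGRPCConfigLoader() {
-
 viper.SetDefault("SERVER_GRPC_PORT", "8081")
+viper.SetDefault("SERVER_GRPC_TLS_ENABLED", false)
+viper.SetDefault("SERVER_GRPC_TLS_CERT_PATH", "cert/server.crt")
+viper.SetDefault("SERVER_GRPC_TLS_PUBLIC_KEY", "cert/server.key")
 ServerGRPC = serverGRPC{
-Port: util.MustGetString("SERVER_GRPC_PORT"),
+Port: util.MustGetString("SERVER_GRPC_PORT"),
+TLSEnabled: util.MustGetBool("SERVER_GRPC_TLS_ENABLED"),
+TLSCertPath: util.MustGetString("SERVER_GRPC_TLS_CERT_PATH"),
+TLSPublicKey: util.MustGetString("SERVER_GRPC_TLS_PUBLIC_KEY"),
 }
 }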
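Review bot: The new `TLSPublicKey` field in `serverGRPC` (env `SERVER_GRPC_TLS_PUBLIC_KEY`, default `cert/server.key`) is named as a public key, but services/grpc/service.go passes it to `tls.LoadX509KeyPair` as the key-file argument, so it is the path to the server's private key. The name invites operators to point it at the wrong file or to treat that file as non-secret. I would rename it along the lines of `TLSKeyPath string // path to the PEM private key; restrict read access to the service user`, with a matching env name such as `SERVER_GRPC_TLS_KEY_PATH` (a proposal, not an existing setting). Both path defaults are relative and so resolve against the process working directory, which deserves a short comment above the `viper.SetDefault` lines.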
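--- a/services/grpc/service.go
+++ b/services/grpc/service.go
@@ -2,7 +2,9 @@ package grpc
 
 import (
 "context"
+"crypto/tls"
 "fmt"
+"google.golang.org/grpc/credentials"
 "net"
 
 pbgrpc "buf.build/gen/go/gotocompany/proton/grpc/go/gotocompany/raccoon/v1beta1/raccoonv1beta1grpc"
@@ -17,7 +19,7 @@ type Service struct {
 }
 
 func NewGRPCService(c collection.Collector) *Service {
-server := grpc.NewServer()
+server := newGRPCServer()
 pbgrpc.RegisterEventServiceServer(server, &Handler{C: c})
 return &Service{
 s: server,
@@ -41,3 +43,24 @@ func (s *Service) Shutdown(context.Context) error {
 s.s.GracefulStop()
 return nil
 }
+
+func newGRPCServer() *grpc.Server {
+if config.ServerGRPC.TLSEnabled {
+return grpc.NewServer(grpc.Creds(loadTLSCredentials()))
+}
+return grpc.NewServer()
+}
+
+func loadTLSCredentials() credentials.TransportCredentials {
+serverCert, err := tls.LoadX509KeyPair(config.ServerGRPC.TLSCertPath, config.ServerGRPC.TLSPublicKey)
+if err != nil {
+panic("failed to load TLS credentials to start grpc server with TLS")
+}
+
+config := &tls.Config{
+Certificates: []tls.Certificate{serverCert},
+ClientAuth: tls.NoClientCert,
+}
+
+return credentials.NewTLS(config)
+}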
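Review bot: The panic in `loadTLSCredentials` discards `err`, so a missing file, a permission problem and a certificate/key mismatch all surface as the same message. Carrying the cause, e.g. `panic(fmt.Errorf("load grpc TLS key pair: %w", err))`, fixes that, and the wrapped error names the failing file but no key material. The `tls.Config` sets no protocol floor, and depending on the Go and grpc-go versions in use the effective minimum may be below TLS 1.2, so I would pin it with `MinVersion: tls.VersionTLS12,`. The local variable `config` shadows the imported `config` package for the rest of the function, and renaming it to `tlsConfig` avoids a trap for later edits. A doc comment should also state that `ClientAuth: tls.NoClientCert` means clients are not authenticated at the transport layer, and that the server runs plaintext when `TLSEnabled` is false.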