Update docs for Docker-on-deimos deployment, add grpc_plain_addr option

- ARCHITECTURE.md: document nginx + direct gRPC topology, add grpc_plain_addr config, update cert filenames to Let's Encrypt convention, add passwd to CLI table - RUNBOOK.md: replace systemctl/journalctl with docker commands, fix cert path references, improve sync troubleshooting steps - Example config: update cert paths, document grpc_plain_addr option - grpcserver: add optional plaintext gRPC listener for reverse proxy - config: add GRPCPlainAddr field Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 08:58:01 -07:00
parent 2185bbe563
commit 691301dade
6 changed files with 80 additions and 41 deletions
--- a/internal/grpcserver/server.go
+++ b/internal/grpcserver/server.go
@@ -13,11 +13,12 @@ import (
 )

 type Config struct {
-	Addr    string
-	TLSCert string
-	TLSKey  string
-	DB      *sql.DB
-	BaseURL string
+	Addr      string
+	PlainAddr string
+	TLSCert   string
+	TLSKey    string
+	DB        *sql.DB
+	BaseURL   string
 }

 // Start creates and starts the gRPC server. It returns the server so the
@@ -50,5 +51,19 @@ func Start(cfg Config) (*grpc.Server, error) {
 	slog.Info("gRPC server started", "addr", cfg.Addr)
 	go func() { _ = srv.Serve(lis) }()

+	// Optional plaintext listener for reverse proxy (e.g. nginx grpc_pass).
+	if cfg.PlainAddr != "" {
+		plainLis, err := net.Listen("tcp", cfg.PlainAddr)
+		if err != nil {
+			return nil, fmt.Errorf("listen %s: %w", cfg.PlainAddr, err)
+		}
+		plainSrv := grpc.NewServer(
+			grpc.UnaryInterceptor(AuthInterceptor(cfg.DB)),
+		)
+		pb.RegisterEngPadSyncServiceServer(plainSrv, syncSvc)
+		slog.Info("gRPC plaintext server started", "addr", cfg.PlainAddr)
+		go func() { _ = plainSrv.Serve(plainLis) }()
+	}
+
 	return srv, nil
 }