eng-pad-server/internal/grpcserver/server.go
Kyle Isom 691301dade Update docs for Docker-on-deimos deployment, add grpc_plain_addr option
- ARCHITECTURE.md: document nginx + direct gRPC topology, add
  grpc_plain_addr config, update cert filenames to Let's Encrypt
  convention, add passwd to CLI table
- RUNBOOK.md: replace systemctl/journalctl with docker commands,
  fix cert path references, improve sync troubleshooting steps
- Example config: update cert paths, document grpc_plain_addr option
- grpcserver: add optional plaintext gRPC listener for reverse proxy
- config: add GRPCPlainAddr field

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 08:58:01 -07:00


package grpcserver
import (
"crypto/tls"
"database/sql"
"fmt"
"log/slog"
"net"
pb "git.wntrmute.dev/kyle/eng-pad-server/gen/engpad/v1"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
)
// Config carries the settings Start needs to bring up the gRPC listeners.
type Config struct {
	// Addr is the TCP address of the TLS-protected gRPC listener.
	Addr string

	// PlainAddr is optional. When non-empty, Start opens a second gRPC
	// listener on it with no transport credentials, intended to sit behind
	// a reverse proxy. Traffic on this listener is unencrypted, so bind it
	// to an address only the proxy can reach (loopback or a private
	// network), never a publicly routable interface.
	PlainAddr string

	// TLSCert and TLSKey are the certificate and private key files handed
	// to tls.LoadX509KeyPair for the TLS listener.
	TLSCert string
	TLSKey  string

	// DB is passed to the auth interceptor and to the sync service.
	DB *sql.DB

	// BaseURL is passed through to the sync service.
	BaseURL string
}
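// Start creates and starts the gRPC server. It returns the TLS server so the
// caller can manage graceful shutdown. Serving happens in background
// goroutines; there is no error channel, so a Serve failure is reported
// through slog instead of being returned.
//
// When cfg.PlainAddr is non-empty a second server is started on it without
// transport credentials, for use behind a reverse proxy (e.g. nginx
// grpc_pass). Anything the auth interceptor reads from a request crosses that
// hop in cleartext, so the address must only be reachable by the proxy.
// The plaintext server is not returned: stopping the returned server does not
// stop it.
//
// All listeners are bound before any server starts serving, so an error
// return never leaves a listener open or a server running.
func Start(cfg Config) (*grpc.Server, error) {
	cert, err := tls.LoadX509KeyPair(cfg.TLSCert, cfg.TLSKey)
	if err != nil {
		return nil, fmt.Errorf("load TLS cert: %w", err)
	}
	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS13,
	}

	lis, err := net.Listen("tcp", cfg.Addr)
	if err != nil {
		return nil, fmt.Errorf("listen %s: %w", cfg.Addr, err)
	}

	// Bind the optional plaintext listener up front. Doing this after the
	// TLS server is already serving would, on failure, return (nil, err)
	// while leaving a server the caller has no handle to stop.
	var plainLis net.Listener
	if cfg.PlainAddr != "" {
		plainLis, err = net.Listen("tcp", cfg.PlainAddr)
		if err != nil {
			// Best-effort cleanup; the listen error is the one worth reporting.
			_ = lis.Close()
			return nil, fmt.Errorf("listen %s: %w", cfg.PlainAddr, err)
		}
	}

	// NOTE(review): only a unary interceptor is installed. If the service
	// ever exposes streaming RPCs they would not pass through
	// AuthInterceptor — confirm against the service definition.
	srv := grpc.NewServer(
		grpc.Creds(credentials.NewTLS(tlsConfig)),
		grpc.UnaryInterceptor(AuthInterceptor(cfg.DB)),
	)

	syncSvc := &SyncService{DB: cfg.DB, BaseURL: cfg.BaseURL}
	pb.RegisterEngPadSyncServiceServer(srv, syncSvc)

	slog.Info("gRPC server started", "addr", cfg.Addr)
	go func() {
		// Serve returns nil after Stop/GracefulStop; anything else means the
		// listener died and the service is no longer reachable.
		if err := srv.Serve(lis); err != nil {
			slog.Error("gRPC server stopped", "addr", cfg.Addr, "error", err)
		}
	}()

	// Optional plaintext listener for reverse proxy (e.g. nginx grpc_pass).
	// No grpc.Creds option: TLS is expected to terminate at the proxy.
	if plainLis != nil {
		plainSrv := grpc.NewServer(
			grpc.UnaryInterceptor(AuthInterceptor(cfg.DB)),
		)
		pb.RegisterEngPadSyncServiceServer(plainSrv, syncSvc)

		slog.Info("gRPC plaintext server started", "addr", cfg.PlainAddr)
		go func() {
			if err := plainSrv.Serve(plainLis); err != nil {
				slog.Error("gRPC plaintext server stopped", "addr", cfg.PlainAddr, "error", err)
			}
		}()
	}

	return srv, nil
}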