mirror of
https://github.com/strukturag/nextcloud-spreed-signaling
synced 2024-06-17 05:06:14 +02:00
Allow configuring GRPC transport credentials.
parent
6f64ff901d
commit
b315c09a3b
|
@ -23,6 +23,7 @@ package signaling
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"net"
|
"net"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -31,6 +32,7 @@ import (
|
||||||
"github.com/dlintw/goconf"
|
"github.com/dlintw/goconf"
|
||||||
"google.golang.org/grpc"
|
"google.golang.org/grpc"
|
||||||
codes "google.golang.org/grpc/codes"
|
codes "google.golang.org/grpc/codes"
|
||||||
|
"google.golang.org/grpc/credentials"
|
||||||
"google.golang.org/grpc/credentials/insecure"
|
"google.golang.org/grpc/credentials/insecure"
|
||||||
status "google.golang.org/grpc/status"
|
status "google.golang.org/grpc/status"
|
||||||
)
|
)
|
||||||
|
@ -52,8 +54,8 @@ type GrpcClient struct {
|
||||||
impl *grpcClientImpl
|
impl *grpcClientImpl
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewGrpcClient(target string) (*GrpcClient, error) {
|
func NewGrpcClient(target string, opts ...grpc.DialOption) (*GrpcClient, error) {
|
||||||
conn, err := grpc.Dial(target, grpc.WithTransportCredentials(insecure.NewCredentials()))
|
conn, err := grpc.Dial(target, opts...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -145,7 +147,19 @@ func (c *GrpcClients) load(config *goconf.ConfigFile) error {
|
||||||
c.mu.Lock()
|
c.mu.Lock()
|
||||||
defer c.mu.Unlock()
|
defer c.mu.Unlock()
|
||||||
|
|
||||||
targets, _ := config.GetString("grpc", "targets")
|
var opts []grpc.DialOption
|
||||||
|
caFile, _ := config.GetString("grpc", "ca")
|
||||||
|
if caFile != "" {
|
||||||
|
creds, err := credentials.NewClientTLSFromFile(caFile, "")
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("invalid GRPC CA in %s: %w", caFile, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
opts = append(opts, grpc.WithTransportCredentials(creds))
|
||||||
|
} else {
|
||||||
|
log.Printf("WARNING: No GRPC CA configured, expecting unencrypted connections")
|
||||||
|
opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
|
||||||
|
}
|
||||||
|
|
||||||
clientsMap := make(map[string]*GrpcClient)
|
clientsMap := make(map[string]*GrpcClient)
|
||||||
var clients []*GrpcClient
|
var clients []*GrpcClient
|
||||||
|
@ -155,6 +169,7 @@ func (c *GrpcClients) load(config *goconf.ConfigFile) error {
|
||||||
clientsMap[target] = client
|
clientsMap[target] = client
|
||||||
}
|
}
|
||||||
|
|
||||||
|
targets, _ := config.GetString("grpc", "targets")
|
||||||
for _, target := range strings.Split(targets, ",") {
|
for _, target := range strings.Split(targets, ",") {
|
||||||
target = strings.TrimSpace(target)
|
target = strings.TrimSpace(target)
|
||||||
if target == "" {
|
if target == "" {
|
||||||
|
@ -167,7 +182,7 @@ func (c *GrpcClients) load(config *goconf.ConfigFile) error {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
client, err := NewGrpcClient(target)
|
client, err := NewGrpcClient(target, opts...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
for target, client := range clientsMap {
|
for target, client := range clientsMap {
|
||||||
if closeerr := client.Close(); closeerr != nil {
|
if closeerr := client.Close(); closeerr != nil {
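Review bot: In `load`, `credentials.NewClientTLSFromFile(caFile, "")` passes an empty server name override, so each server certificate is checked against the host part of its `targets` entry. With IP-address targets such as the sample `192.168.0.1:9090`, the certificates need matching IP SANs, and nothing in the change documents that. I would add a comment above the call: `// Server certificates are verified against the host of each target; IP targets need IP SANs.` Separately, `NewGrpcClient` now forwards `opts` unchanged to `grpc.Dial`, so it deserves a doc comment saying the caller must choose the transport credentials, e.g. `// NewGrpcClient dials target; opts must include transport credentials (TLS or insecure).` The body of `load` continues outside the visible hunks.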
|
||||||
|
|
|
@ -31,6 +31,7 @@ import (
|
||||||
"github.com/dlintw/goconf"
|
"github.com/dlintw/goconf"
|
||||||
"google.golang.org/grpc"
|
"google.golang.org/grpc"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/codes"
|
||||||
|
"google.golang.org/grpc/credentials"
|
||||||
status "google.golang.org/grpc/status"
|
status "google.golang.org/grpc/status"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -50,12 +51,25 @@ func NewGrpcServer(config *goconf.ConfigFile) (*GrpcServer, error) {
|
||||||
var err error
|
var err error
|
||||||
listener, err = net.Listen("tcp", addr)
|
listener, err = net.Listen("tcp", addr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("could not create GRPC server: %w", err)
|
return nil, fmt.Errorf("could not create GRPC listener %s: %w", addr, err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
conn := grpc.NewServer()
|
var opts []grpc.ServerOption
|
||||||
|
certificateFile, _ := config.GetString("grpc", "certificate")
|
||||||
|
keyFile, _ := config.GetString("grpc", "key")
|
||||||
|
if certificateFile != "" && keyFile != "" {
|
||||||
|
creds, err := credentials.NewServerTLSFromFile(certificateFile, keyFile)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("invalid GRPC server certificate / key in %s / %s: %w", certificateFile, keyFile, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
opts = append(opts, grpc.Creds(creds))
|
||||||
|
} else {
|
||||||
|
log.Printf("WARNING: No GRPC server certificate and/or key configured, running unencrypted")
|
||||||
|
}
|
||||||
|
|
||||||
|
conn := grpc.NewServer(opts...)
|
||||||
result := &GrpcServer{
|
result := &GrpcServer{
|
||||||
conn: conn,
|
conn: conn,
|
||||||
listener: listener,
|
listener: listener,
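Review bot: The `certificateFile != "" && keyFile != ""` test in `NewGrpcServer` sends a half-configured setup (only `certificate` or only `key` set) into the `else` branch, so the server starts unencrypted with only a log warning even though the operator asked for TLS. Treat that case as a configuration error before the branch, e.g. `if (certificateFile == "") != (keyFile == "") { return nil, fmt.Errorf("GRPC server needs both certificate and key") }`. The error return after `NewServerTLSFromFile` also appears to leave the `listener` opened a few lines earlier unclosed, so it and any new early return should close it when it is non-nil. The credentials built here do not request client certificates, so unless callers are authenticated elsewhere (not visible in this hunk), any host that can reach the listener can call the clustering RPCs; that limit deserves a comment or a follow-up for mutual TLS. The function continues outside the hunk.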
|
||||||
|
|
|
@ -240,5 +240,14 @@ connectionsperhost = 8
|
||||||
# Comment line to disable the listener.
|
# Comment line to disable the listener.
|
||||||
#listen = 0.0.0.0:9090
|
#listen = 0.0.0.0:9090
|
||||||
|
|
||||||
|
# Certificate / private key to use for the GRPC server.
|
||||||
|
# Omit to use unencrypted connections.
|
||||||
|
#certificate = /path/to/grpc-server.crt
|
||||||
|
#key = /path/to/grpc-server.key
|
||||||
|
|
||||||
|
# CA certificate that is allowed to issue certificates of GRPC servers.
|
||||||
|
# Omit to expect unencrypted connections.
|
||||||
|
#ca = /path/to/grpc-ca.crt
|
||||||
|
|
||||||
# Comma-separated list of GRPC targets to connect to for clustering mode.
|
# Comma-separated list of GRPC targets to connect to for clustering mode.
|
||||||
#targets = 192.168.0.1:9090, 192.168.0.1:9091
|
#targets = 192.168.0.1:9090, 192.168.0.1:9091
|
||||||
|
|