mirror of
https://github.com/juanfont/headscale.git
synced 2024-11-23 10:05:19 +00:00
Add tls certs as creds for grpc
This commit is contained in:
parent
59e48993f2
commit
30a2ccd975
116
app.go
116
app.go
@ -34,6 +34,8 @@ import (
|
||||
"golang.org/x/sync/errgroup"
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/credentials"
|
||||
"google.golang.org/grpc/internal/credentials"
|
||||
|
||||
// "google.golang.org/grpc/credentials"
|
||||
"google.golang.org/grpc/metadata"
|
||||
@ -474,6 +476,13 @@ func (h *Headscale) Serve() error {
|
||||
zerolog.RespLog = false
|
||||
}
|
||||
|
||||
// Prepare group for running listeners
|
||||
errorGroup := new(errgroup.Group)
|
||||
|
||||
ctx := context.Background()
|
||||
ctx, cancel := context.WithCancel(ctx)
|
||||
defer cancel()
|
||||
|
||||
//
|
||||
//
|
||||
// Set up LOCAL listeners
|
||||
@ -507,39 +516,6 @@ func (h *Headscale) Serve() error {
|
||||
os.Exit(0)
|
||||
}(sigc)
|
||||
|
||||
//
|
||||
//
|
||||
// Set up REMOTE listeners
|
||||
//
|
||||
ctx := context.Background()
|
||||
ctx, cancel := context.WithCancel(ctx)
|
||||
|
||||
defer cancel()
|
||||
|
||||
tlsConfig, err := h.getTLSSettings()
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("Failed to set up TLS configuration")
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
// var httpListener net.Listener
|
||||
//
|
||||
// if tlsConfig != nil {
|
||||
// httpListener, err = tls.Listen("tcp", h.cfg.Addr, tlsConfig)
|
||||
// } else {
|
||||
// httpListener, err = net.Listen("tcp", h.cfg.Addr)
|
||||
// }
|
||||
// if err != nil {
|
||||
// return fmt.Errorf("failed to bind to TCP address: %w", err)
|
||||
// }
|
||||
//
|
||||
|
||||
//
|
||||
//
|
||||
// gRPC setup
|
||||
//
|
||||
|
||||
grpcGatewayMux := runtime.NewServeMux()
|
||||
|
||||
// Make the grpc-gateway connect to grpc over socket
|
||||
@ -561,33 +537,63 @@ func (h *Headscale) Serve() error {
|
||||
return err
|
||||
}
|
||||
|
||||
grpcOptions := []grpc.ServerOption{
|
||||
grpc.UnaryInterceptor(
|
||||
grpc_middleware.ChainUnaryServer(
|
||||
h.grpcAuthenticationInterceptor,
|
||||
zerolog.NewUnaryServerInterceptor(),
|
||||
),
|
||||
),
|
||||
}
|
||||
|
||||
grpcServer := grpc.NewServer(grpcOptions...)
|
||||
|
||||
// Start the local gRPC server without TLS and without authentication
|
||||
grpcSocket := grpc.NewServer(zerolog.UnaryInterceptor())
|
||||
|
||||
v1.RegisterHeadscaleServiceServer(grpcServer, newHeadscaleV1APIServer(h))
|
||||
v1.RegisterHeadscaleServiceServer(grpcSocket, newHeadscaleV1APIServer(h))
|
||||
reflection.Register(grpcServer)
|
||||
reflection.Register(grpcSocket)
|
||||
|
||||
var grpcListener net.Listener
|
||||
if tlsConfig != nil {
|
||||
grpcListener, err = tls.Listen("tcp", h.cfg.GRPCAddr, tlsConfig)
|
||||
} else {
|
||||
grpcListener, err = net.Listen("tcp", h.cfg.GRPCAddr)
|
||||
}
|
||||
errorGroup.Go(func() error { return grpcSocket.Serve(socketListener) })
|
||||
|
||||
//
|
||||
//
|
||||
// Set up REMOTE listeners
|
||||
//
|
||||
|
||||
tlsConfig, err := h.getTLSSettings()
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to bind to TCP address: %w", err)
|
||||
log.Error().Err(err).Msg("Failed to set up TLS configuration")
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
//
|
||||
//
|
||||
// gRPC setup
|
||||
//
|
||||
|
||||
// If TLS has been enabled, set up the remote gRPC server
|
||||
if tlsConfig != nil {
|
||||
log.Info().Msgf("Enabling remote gRPC at %s", h.cfg.GRPCAddr)
|
||||
|
||||
grpcOptions := []grpc.ServerOption{
|
||||
grpc.UnaryInterceptor(
|
||||
grpc_middleware.ChainUnaryServer(
|
||||
h.grpcAuthenticationInterceptor,
|
||||
zerolog.NewUnaryServerInterceptor(),
|
||||
),
|
||||
),
|
||||
grpc.Creds(credentials.NewTLS(tlsConfig)),
|
||||
}
|
||||
|
||||
grpcServer := grpc.NewServer(grpcOptions...)
|
||||
|
||||
v1.RegisterHeadscaleServiceServer(grpcServer, newHeadscaleV1APIServer(h))
|
||||
reflection.Register(grpcServer)
|
||||
|
||||
var grpcListener net.Listener
|
||||
// if tlsConfig != nil {
|
||||
// grpcListener, err = tls.Listen("tcp", h.cfg.GRPCAddr, tlsConfig)
|
||||
// } else {
|
||||
grpcListener, err = net.Listen("tcp", h.cfg.GRPCAddr)
|
||||
// }
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to bind to TCP address: %w", err)
|
||||
}
|
||||
|
||||
errorGroup.Go(func() error { return grpcServer.Serve(grpcListener) })
|
||||
} else {
|
||||
log.Info().Msg("TLS is not configured, not enabling remote gRPC")
|
||||
}
|
||||
|
||||
//
|
||||
@ -619,10 +625,6 @@ func (h *Headscale) Serve() error {
|
||||
return fmt.Errorf("failed to bind to TCP address: %w", err)
|
||||
}
|
||||
|
||||
errorGroup := new(errgroup.Group)
|
||||
|
||||
errorGroup.Go(func() error { return grpcSocket.Serve(socketListener) })
|
||||
errorGroup.Go(func() error { return grpcServer.Serve(grpcListener) })
|
||||
errorGroup.Go(func() error { return httpServer.Serve(httpListener) })
|
||||
|
||||
log.Info().
|
||||
|
Loading…
Reference in New Issue
Block a user