feat(grpc): enable tls support for grpc connection
parent
e64cd6f757
commit
6faa2029fc
|
@ -4,6 +4,7 @@ import (
|
|||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
"path/filepath"
|
||||
|
||||
grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
|
||||
"github.com/meshplus/bitxhub-model/pb"
|
||||
|
@ -12,6 +13,7 @@ import (
|
|||
"github.com/meshplus/bitxhub/internal/repo"
|
||||
"github.com/sirupsen/logrus"
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/credentials"
|
||||
)
|
||||
|
||||
type ChainBrokerService struct {
|
||||
|
@ -27,12 +29,25 @@ type ChainBrokerService struct {
|
|||
|
||||
func NewChainBrokerService(api api.CoreAPI, config *repo.Config, genesis *repo.Genesis) (*ChainBrokerService, error) {
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
server := grpc.NewServer(
|
||||
|
||||
grpcOpts := []grpc.ServerOption{
|
||||
grpc.StreamInterceptor(grpc_prometheus.StreamServerInterceptor),
|
||||
grpc.UnaryInterceptor(grpc_prometheus.UnaryServerInterceptor),
|
||||
grpc.MaxConcurrentStreams(1000),
|
||||
grpc.InitialWindowSize(10*1024*1024),
|
||||
grpc.InitialConnWindowSize(100*1024*1024))
|
||||
grpc.InitialWindowSize(10 * 1024 * 1024),
|
||||
grpc.InitialConnWindowSize(100 * 1024 * 1024),
|
||||
}
|
||||
|
||||
if config.Security.EnableTLS {
|
||||
pemFilePath := filepath.Join(config.RepoRoot, config.Security.PemFilePath)
|
||||
serverKeyPath := filepath.Join(config.RepoRoot, config.Security.ServerKeyPath)
|
||||
cred, err := credentials.NewServerTLSFromFile(pemFilePath, serverKeyPath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
grpcOpts = append(grpcOpts, grpc.Creds(cred))
|
||||
}
|
||||
server := grpc.NewServer(grpcOpts...)
|
||||
return &ChainBrokerService{
|
||||
logger: loggers.Logger(loggers.API),
|
||||
config: config,
|
||||
|
|
|
@ -20,6 +20,11 @@ solo = false
|
|||
[gateway]
|
||||
allowed_origins = ["*"]
|
||||
|
||||
[security]
|
||||
enable_tls = false
|
||||
pem_file_path = "certs/server.pem"
|
||||
server_key_path = "certs/server.key"
|
||||
|
||||
[log]
|
||||
level = "info"
|
||||
dir = "logs"
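Review bot: The new `[security]` table has no comment saying how the two paths are resolved or what `enable_tls = false` means for the listener. The broker joins both values onto the repo root, and with the default of `false` the gRPC server is created without transport credentials, so a short comment would save operators from guessing, for example `# TLS for the gRPC API; paths are relative to the repo root, and the API is served in plaintext while enable_tls is false`.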
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAxb8QN5/lN53Z1Xz/3B1g3zQobpzuIxX2wqyQXPJ0v5O/DfgW
|
||||
BmYnT7bTwW2Ue9ezFrA2OxIvWYaiyApA66AmYQHZBFtq/FQAtsJbEv/M3PUs9zrp
|
||||
7GncH8u2Z580uibid+xonubdBWMt/3EaGby1KmRrtF/7yPQCW7sGSijFHFG5OthJ
|
||||
KJgpcSZnxl+DUGcLzvFZFtvj4H2w5/GyQ+0zhBy7TejTiR65ShrGnrenXc4y2DtM
|
||||
vjXca4BG/ZZXeDq+ia5XeW+8mv5KyQoSeLhjeIhx5X9b6bfyxSIMgG57rT5ml9/V
|
||||
cO6CoZUbyIweZG6wUoxeevnyBdJT4fq9lwPHxQIDAQABAoIBACDe58U3URTzqlgw
|
||||
lR9zyryPoQDyGSu/5OrrYHvy2bFWz/V0fcTGilZX389RddM4Qc7Nr9YV6cUJ+lki
|
||||
SzRfxMFvWzG8OIaFODEpEZaQ6u732memZWglGLA4XrPO5Sbke9TPeXygh7DzkZva
|
||||
oyoQElVfp/+tzN7UoOe6qQr+x/Uy3aLWXDgaTA6+ClSR8YDyHTO/GrMZFecX0uQw
|
||||
rqp/MkgK7dJD7qr5lhSvu8u5HbbHtHJG2A4E7FFLNZkb8AUuZf/gkobIJbylMdNs
|
||||
74wHSD53TYYIKrU6rLelXghkaGyE4Fmkmr0PNSK/U2cicCxKf3EDrmTlMWALupqq
|
||||
WHh6HcECgYEA6+ae8ttewamZoBzwd6PUfRURXS+/a2gN7qMOveZll7pyh3S59kEY
|
||||
ElEbuiv6iO4ELXmqdddQvNaO/6mKEiWqhx53C9bUnR9zKx7hsT0x2hmWVskWY1Yx
|
||||
aJO+VaUr3mbBPi5tWSJBqdUg6mGlUQ/ZeX8BeBhfSTxmCExRUcvOb00CgYEA1pg7
|
||||
DR1GF1dEwNUuzBB//V0LxqYeF45ADk/k6IqCp8pLXPGgxDW81wuos4pDdBHydS3M
|
||||
VOJcNZJqa15Z+sHAaLaukVlR1yItfe3FPMlAyN8e8UxPArHyryxPy2aBhqW5V6IO
|
||||
ywmWwMiW08U7IiUxWVWnlTSaOuAk772WjEwcblkCgYAS8MtmWHK9Pe7Vyj0Mfhz7
|
||||
hguE3eaSqyIjPPhcCvmxOwkjEx4zRXq3TcfaJNnS0LmJJTGokIctAlUs9eHeHyQY
|
||||
ATwxuSgNDY9jsPESGAW+qztE8JRZmXwSF3q6ya5CByIQ6g1hkLyQ9EnWR8zMO2eM
|
||||
t8PYbqyH5s+Sbv5AgQqsKQKBgQChU56JNGm+IGBSq7HbvcfKvMmelMHoqYtkdxG6
|
||||
9G5XIBDaFdjryQ5niJ9SIm6lctyY1U5YvjfeGm2gvDTe/AvfbP79zG1nU41pr3fp
|
||||
Q89Nc9e6RcjcWNT+dkyiuDRF+o7E39NJNrM7yVECcbML73QTGf67f+k2u81o4lms
|
||||
rYduOQKBgBVfQkOE0cjLVzZSgSQP1UWSAC6cdBvKRUzRQ1ACjkpR0nJpndIKiVwN
|
||||
RGYwIKbfmB6rjwjERSI93Yz0+z+u5/X2Di7SKHn/BeZQgtcWTm9i0O4146fM/PRS
|
||||
ND1TSzKmN84vbNhqYxLqgiW6dStgJ+c7U55VMmI11Qg9TXvPrnw6
|
||||
-----END RSA PRIVATE KEY-----
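Review bot: This section adds an unencrypted RSA private key to the repository, and its modulus matches the public key in the certificate added in the next section, so anyone who can read the repository can impersonate a server that presents that certificate. The config defaults added in this commit (`certs/server.pem`, `certs/server.key`) appear to point at this pair; the file paths are not shown on this page, so that is inferred. If the pair is only a development fixture, say so next to the files and in the config comment, and document that operators must generate their own key and certificate before setting `enable_tls = true`. Otherwise, drop the key from the repository, treat it as compromised, and have the install step generate or provision it with restrictive file permissions.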
|
|
@ -0,0 +1,21 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDejCCAmICCQDPTdgQXh+rkzANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJD
|
||||
TjELMAkGA1UECAwCWkoxCzAJBgNVBAcMAkhaMQ8wDQYDVQQKDAZRdUxpYW4xETAP
|
||||
BgNVBAsMCERhdGFNZXNoMQswCQYDVQQDDAJETTElMCMGCSqGSIb3DQEJARYWZGF0
|
||||
YW1lc2hAaHlwZXJjaGFpbi5jbjAeFw0yMDEwMTIxMTMyNTNaFw0zMDEwMTAxMTMy
|
||||
NTNaMH8xCzAJBgNVBAYTAkNOMQswCQYDVQQIDAJaSjELMAkGA1UEBwwCSFoxDzAN
|
||||
BgNVBAoMBlF1TGlhbjERMA8GA1UECwwIRGF0YU1lc2gxCzAJBgNVBAMMAkRNMSUw
|
||||
IwYJKoZIhvcNAQkBFhZkYXRhbWVzaEBoeXBlcmNoYWluLmNuMIIBIjANBgkqhkiG
|
||||
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxb8QN5/lN53Z1Xz/3B1g3zQobpzuIxX2wqyQ
|
||||
XPJ0v5O/DfgWBmYnT7bTwW2Ue9ezFrA2OxIvWYaiyApA66AmYQHZBFtq/FQAtsJb
|
||||
Ev/M3PUs9zrp7GncH8u2Z580uibid+xonubdBWMt/3EaGby1KmRrtF/7yPQCW7sG
|
||||
SijFHFG5OthJKJgpcSZnxl+DUGcLzvFZFtvj4H2w5/GyQ+0zhBy7TejTiR65ShrG
|
||||
nrenXc4y2DtMvjXca4BG/ZZXeDq+ia5XeW+8mv5KyQoSeLhjeIhx5X9b6bfyxSIM
|
||||
gG57rT5ml9/VcO6CoZUbyIweZG6wUoxeevnyBdJT4fq9lwPHxQIDAQABMA0GCSqG
|
||||
SIb3DQEBCwUAA4IBAQA83n3UaIn78SMu9wCZc9hxS8wyRQmqJL/jpFMuY9xjU15L
|
||||
qdq9RUOC4EBHUE5sMm5wpptGzd0iQl9WTzbH/yN9amkrA8gefrHSkkXYEJ1EwFbU
|
||||
ls9H5jRE4XoYuO3YK6IDLJRqyj9Bzo9nJHMjUtdee2/3eMl+aGtR3IVquJ7RWLjl
|
||||
ZtUeK1AWsT2JDM8SLqCVJOOBxXYKXhR1uWyb6Dh3ywfy3sQoDDE1Z+HmpA0nV76+
|
||||
LNIxoVpDl6qtuyfrKUc14kRZpZIWm7UumDg3tf5YbkKl9szaUgzG3/W6Sr9CmLGI
|
||||
H4yll10DMmdO3xwsYwNxM3XAI1d5H6P6nWHfarM0
|
||||
-----END CERTIFICATE-----
|
|
@ -40,6 +40,14 @@ type Config struct {
|
|||
Txpool `json:"txpool"`
|
||||
Order `json:"order"`
|
||||
Executor `json:"executor"`
|
||||
Security Security `toml:"security" json:"security"`
|
||||
}
|
||||
|
||||
// Security are files used to setup connection with tls
|
||||
type Security struct {
|
||||
EnableTLS bool `mapstructure:"enable_tls"`
|
||||
PemFilePath string `mapstructure:"pem_file_path" json:"pem_file_path"`
|
||||
ServerKeyPath string `mapstructure:"server_key_path" json:"server_key_path"`
|
||||
}
|
||||
|
||||
type Port struct {
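Review bot: `EnableTLS` carries only a `mapstructure` tag while the other two fields of `Security` carry both `mapstructure` and `json`, so JSON output of the config would render it as `EnableTLS` instead of `enable_tls`; add `json:"enable_tls"` to its tag for consistency. The doc comment would also read better as `// Security holds the TLS settings for the gRPC server; paths are relative to the repo root.` The `Config` struct starts outside the hunk, so whether the `toml` tag on the new `Security` field matches how the sibling fields are tagged cannot be confirmed from here.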
|
||||
|
|