Add TLS to gRPC

cmd/rove-server/internal/server.go

@@ -4,6 +4,8 @@ import (
 	"fmt"
 	"log"
 	"net"
+	"os"
+	"path"
 	"sync"
 
 	"github.com/mdiluz/rove/pkg/persistence"
@@ -11,9 +13,12 @@ import (
 	"github.com/mdiluz/rove/proto/roveapi"
 	"github.com/robfig/cron"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/reflection"
 )
 
+var cert = os.Getenv("CERT_NAME")
+
 const (
 	// PersistentData will allow the server to load and save it's state
 	PersistentData = iota
@@ -104,7 +109,20 @@ func (s *Server) Initialise(fillWorld bool) (err error) {
 	if err != nil {
 		log.Fatalf("failed to listen: %v", err)
 	}
-	s.grpcServ = grpc.NewServer()
+
+	// Load TLS
+	var opts []grpc.ServerOption
+	if len(os.Getenv("NO_TLS")) == 0 {
+		pem := path.Join("/etc/letsencrypt/live/", cert, "cert.pem")
+		key := path.Join("/etc/letsencrypt/live/", cert, "privkey.pem")
+		creds, err := credentials.NewServerTLSFromFile(pem, key)
+		if err != nil {
+			log.Fatalf("failed to setup TLS: %v", err)
+		}
+		opts = append(opts, grpc.Creds(creds))
+	}
+
+	s.grpcServ = grpc.NewServer(opts...)
 	roveapi.RegisterRoveServer(s.grpcServ, s)
 	reflection.Register(s.grpcServ)
 

cmd/rove-server/internal/server_test.go

@@ -1,6 +1,7 @@
 package internal
 
 import (
+	"os"
 	"testing"
 )
 
@@ -30,6 +31,7 @@ func TestNewServer_OptionPersistentData(t *testing.T) {
 }
 
 func TestServer_Run(t *testing.T) {
+	os.Setenv("NO_TLS", "1")
 	server := NewServer()
 	if server == nil {
 		t.Error("Failed to create server")
@@ -45,6 +47,7 @@ func TestServer_Run(t *testing.T) {
 }
 
 func TestServer_RunPersistentData(t *testing.T) {
+	os.Setenv("NO_TLS", "1")
 	server := NewServer(OptionPersistentData())
 	if server == nil {
 		t.Error("Failed to create server")

docker-compose-test.yml

@@ -13,6 +13,7 @@ services:
       - DATA_PATH=/tmp/
       - WORDS_FILE=data/words_alpha.txt
       - TICK_RATE=10
+      - NO_TLS=1
     command: [ "./rove-server"]
 
   rove-tests: