[#549] grpc/server: Add TLS encryption

Add TLS to config. Add server side encryption if it is configured so. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru>
2021-05-14 12:11:49 +03:00 · 2021-05-14 12:11:49 +03:00 · e10981a7d3
commit e10981a7d3
parent 5a3a27ba9f
2 changed files with 39 additions and 2 deletions
--- a/cmd/neofs-node/grpc.go
+++ b/cmd/neofs-node/grpc.go
@ -7,6 +7,7 @@ import (
 	"github.com/nspcc-dev/neofs-node/pkg/util/logger"
 	"go.uber.org/zap"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
 )

 func initGRPC(c *cfg) {
@ -15,9 +16,20 @@ func initGRPC(c *cfg) {
 	c.cfgGRPC.listener, err = net.Listen("tcp", c.viper.GetString(cfgListenAddress))
 	fatalOnErr(err)

-	c.cfgGRPC.server = grpc.NewServer(
+	serverOpts := []grpc.ServerOption{
 		grpc.MaxSendMsgSize(maxMsgSize),
-	)
+	}
+
+	if c.cfgGRPC.tlsEnabled {
+		creds, err := credentials.NewServerTLSFromFile(c.cfgGRPC.tlsCertFile, c.cfgGRPC.tlsKeyFile)
+		if err != nil {
+			fatalOnErr(fmt.Errorf("could not read credentionals from file: %w", err))
+		}
+
+		serverOpts = append(serverOpts, grpc.Creds(creds))
+	}
+
+	c.cfgGRPC.server = grpc.NewServer(serverOpts...)

 	c.onShutdown(func() {
 		stopGRPC("NeoFS Public API", c.cfgGRPC.server, c.log)