From b68fb9034a2ecff09cd85ec7c914b8bf37cf01d7 Mon Sep 17 00:00:00 2001
From: healthwaite <148101100+healthwaite@users.noreply.github.com>
Date: Sat, 13 Apr 2024 05:40:30 +0100
Subject: [PATCH] Add support for starting the server on a unix domain sockets
 (#542)

* Add support for unix domain sockets

Signed-off-by: Alex Reid <areid@akamai.com>

* Add documentation

Signed-off-by: Alex Reid <areid@akamai.com>

---------

Signed-off-by: Alex Reid <areid@akamai.com>
---
 README.md                 |  8 ++++++
 src/server/server_impl.go | 57 ++++++++++++++++++++++++++++-----------
 src/settings/settings.go  |  3 +++
 3 files changed, 52 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index 3fb16b94..793e7607 100644
--- a/README.md
+++ b/README.md
@@ -35,6 +35,7 @@
   - [GRPC Keepalive](#grpc-keepalive)
   - [Health-check](#health-check)
     - [Health-check configurations](#health-check-configurations)
+  - [GRPC server](#grpc-server)
 - [Request Fields](#request-fields)
 - [GRPC Client](#grpc-client)
   - [Commandline flags](#commandline-flags)
@@ -748,6 +749,13 @@ HEALTHY_WITH_AT_LEAST_ONE_CONFIG_LOADED default:"false"`
 If `HEALTHY_WITH_AT_LEAST_ONE_CONFIG_LOADED` is enabled then health check will start as unhealthy and becomes healthy if
 it detects at least one domain is loaded with the config. If it detects no config again then it will change to unhealthy.
 
+## GRPC server
+
+By default the ratelimit gRPC server binds to `0.0.0.0:8081`. To change this set
+`GRPC_HOST` and/or `GRPC_PORT`. If you want to run the server on a unix domain
+socket then set `GRPC_UDS`, e.g. `GRPC_UDS=/<dir>/ratelimit.sock` and leave
+`GRPC_HOST` and `GRPC_PORT` unmodified.
+
 # Request Fields
 
 For information on the fields of a Ratelimit gRPC request please read the information
diff --git a/src/server/server_impl.go b/src/server/server_impl.go
index 85c636b7..0b42b40f 100644
--- a/src/server/server_impl.go
+++ b/src/server/server_impl.go
@@ -50,20 +50,28 @@ type serverDebugListener struct {
 	listener  net.Listener
 }
 
+type grpcListenType int
+
+const (
+	tcp              grpcListenType = 0
+	unixDomainSocket grpcListenType = 1
+)
+
 type server struct {
-	httpAddress   string
-	grpcAddress   string
-	debugAddress  string
-	router        *mux.Router
-	grpcServer    *grpc.Server
-	store         gostats.Store
-	scope         gostats.Scope
-	provider      provider.RateLimitConfigProvider
-	runtime       loader.IFace
-	debugListener serverDebugListener
-	httpServer    *http.Server
-	listenerMu    sync.Mutex
-	health        *HealthChecker
+	httpAddress    string
+	grpcAddress    string
+	grpcListenType grpcListenType
+	debugAddress   string
+	router         *mux.Router
+	grpcServer     *grpc.Server
+	store          gostats.Store
+	scope          gostats.Scope
+	provider       provider.RateLimitConfigProvider
+	runtime        loader.IFace
+	debugListener  serverDebugListener
+	httpServer     *http.Server
+	listenerMu     sync.Mutex
+	health         *HealthChecker
 }
 
 func (server *server) AddDebugHttpEndpoint(path string, help string, handler http.HandlerFunc) {
@@ -197,9 +205,20 @@ func (server *server) Start() {
 
 func (server *server) startGrpc() {
 	logger.Warnf("Listening for gRPC on '%s'", server.grpcAddress)
-	lis, err := reuseport.Listen("tcp", server.grpcAddress)
+	var lis net.Listener
+	var err error
+
+	switch server.grpcListenType {
+	case tcp:
+		lis, err = reuseport.Listen("tcp", server.grpcAddress)
+	case unixDomainSocket:
+		lis, err = net.Listen("unix", server.grpcAddress)
+	default:
+		logger.Fatalf("Invalid gRPC listen type %v", server.grpcListenType)
+	}
+
 	if err != nil {
-		logger.Fatalf("Failed to listen for gRPC: %v", err)
+		logger.Fatalf("Failed to listen for gRPC on '%s': %v", server.grpcAddress, err)
 	}
 	server.grpcServer.Serve(lis)
 }
@@ -247,7 +266,13 @@ func newServer(s settings.Settings, name string, statsManager stats.Manager, loc
 
 	// setup listen addresses
 	ret.httpAddress = net.JoinHostPort(s.Host, strconv.Itoa(s.Port))
-	ret.grpcAddress = net.JoinHostPort(s.GrpcHost, strconv.Itoa(s.GrpcPort))
+	if s.GrpcUds != "" {
+		ret.grpcAddress = s.GrpcUds
+		ret.grpcListenType = unixDomainSocket
+	} else {
+		ret.grpcAddress = net.JoinHostPort(s.GrpcHost, strconv.Itoa(s.GrpcPort))
+		ret.grpcListenType = tcp
+	}
 	ret.debugAddress = net.JoinHostPort(s.DebugHost, strconv.Itoa(s.DebugPort))
 
 	// setup stats
diff --git a/src/settings/settings.go b/src/settings/settings.go
index 5a6c40f1..695c75aa 100644
--- a/src/settings/settings.go
+++ b/src/settings/settings.go
@@ -21,6 +21,9 @@ type Settings struct {
 	DebugPort int    `envconfig:"DEBUG_PORT" default:"6070"`
 
 	// GRPC server settings
+	// If GrpcUds is set we'll listen on the specified unix domain socket address
+	// rather then GrpcHost:GrpcPort. e.g. GrpcUds=/tmp/ratelimit.sock
+	GrpcUds  string `envconfig:"GRPC_UDS" default:""`
 	GrpcHost string `envconfig:"GRPC_HOST" default:"0.0.0.0"`
 	GrpcPort int    `envconfig:"GRPC_PORT" default:"8081"`
 	// GrpcServerTlsConfig configures grpc for the server