fix: expose private API on private port (#9)

Because - Private gRPC API was being exposed on the public port This commit - Uses the private port to serve the Private Artifact API - Removes the exposure of the private port to the docker host. # Notes Other services listen and serve both the public and the private API through the grpc-gateway. In the case of this service this isn't needed for the private API as it doesn't expose any HTTP endpoints (other services don't need to, either, but it's already exposed). Therefore, the "listen and serve" strategy is a bit different. The gRPC config should already contain the TLS information, if present, so we don't need an if/else block for the private API.
instill-ai · Apr 2, 2024 · 9ef4b03 · 9ef4b03
1 parent 61bc325
commit 9ef4b03
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 16 deletions.
diff --git a/.env b/.env
@@ -4,8 +4,7 @@ K6_VERSION=0.42.0
 
 # service
 SERVICE_NAME=artifact-backend
-PUBLIC_SERVICE_PORT=8085
-PRIVATE_SERVICE_PORT=3085
+SERVICE_PORT=8085
 
 # container build
 DOCKER_BUILDKIT=1

diff --git a/Makefile b/Makefile
@@ -18,6 +18,7 @@ dev:							## Run dev container
 		-v $(PWD):/${SERVICE_NAME} \
 		-p ${PUBLIC_SERVICE_PORT}:${PUBLIC_SERVICE_PORT} \
 		-p ${PRIVATE_SERVICE_PORT}:${PRIVATE_SERVICE_PORT} \
+		-p ${SERVICE_PORT}:${SERVICE_PORT} \
 		--network instill-network \
 		--name ${SERVICE_NAME} \
 		instill/${SERVICE_NAME}:dev >/dev/null 2>&1

diff --git a/cmd/main/main.go b/cmd/main/main.go
@@ -5,6 +5,7 @@ import (
 	"crypto/tls"
 	"fmt"
 	"log"
+	"net"
 	"net/http"
 	"os"
 	"os/signal"
@@ -216,7 +217,7 @@ func main() {
 	privateGrpcS := grpc.NewServer(grpcServerOpts...)
 	reflection.Register(privateGrpcS)
 	artifactPB.RegisterArtifactPrivateServiceServer(
-		publicGrpcS,
+		privateGrpcS,
 		handler.NewPrivateHandler(ctx, service),
 	)
 
@@ -276,22 +277,33 @@ func main() {
 		TLSConfig: tlsConfig,
 	}
 
+	privatePort := fmt.Sprintf(":%d", config.Config.Server.PrivatePort)
 	// Wait for interrupt signal to gracefully shutdown the server with a timeout of 5 seconds.
 	quitSig := make(chan os.Signal, 1)
 	errSig := make(chan error)
-	if config.Config.Server.HTTPS.Cert != "" && config.Config.Server.HTTPS.Key != "" {
-		go func() {
-			if err := publicHTTPServer.ListenAndServeTLS(config.Config.Server.HTTPS.Cert, config.Config.Server.HTTPS.Key); err != nil {
-				errSig <- err
-			}
-		}()
-	} else {
-		go func() {
-			if err := publicHTTPServer.ListenAndServe(); err != nil {
-				errSig <- err
-			}
-		}()
-	}
+
+	go func() {
+		privateListener, err := net.Listen("tcp", privatePort)
+		if err != nil {
+			errSig <- fmt.Errorf("failed to listen: %w", err)
+		}
+		if err := privateGrpcS.Serve(privateListener); err != nil {
+			errSig <- fmt.Errorf("failed to serve: %w", err)
+		}
+	}()
+
+	go func() {
+		var err error
+		switch {
+		case config.Config.Server.HTTPS.Cert != "" && config.Config.Server.HTTPS.Key != "":
+			err = publicHTTPServer.ListenAndServeTLS(config.Config.Server.HTTPS.Cert, config.Config.Server.HTTPS.Key)
+		default:
+			err = publicHTTPServer.ListenAndServe()
+		}
+		if err != nil {
+			errSig <- err
+		}
+	}()
 
 	span.End()
 	logger.Info("gRPC server is running.")