Make Signal Service listen on a standard 443/80 port instead of 10000 #396

Merged
merged 4 commits into from
Jul 25, 2022


braginini
Contributor

@braginini braginini commented Jul 23, 2022

This PR is part of an effort to use standard ports (443 or 80) that are usually allowed by default in most environments.

Right now Signal Service runs the Let's Encrypt manager on port 443 and a gRPC server on port 10000. There are two separate listeners.
This PR combines these listeners into one.
With this change, the gRPC server runs on either 443 with TLS or 80 without TLS by default (no --port specified).
Let's Encrypt manager always runs on port 443 if enabled.
The backward compatibility server runs on port 10000 (with TLS or without).

Agents that are running and on status Online will still be connected to 10000.
Triggering Agent restart of any version will force it to connect to port 443.

@braginini braginini changed the title Make Signal Service listen on a standard 443 or 80 port instead of 10000 Make Signal Service listen on a standard 443/80 port instead of 10000 Jul 23, 2022
@braginini
Contributor Author

braginini commented Jul 24, 2022

1. TLS enabled, --port=10000 (equal to previous versions).

./signal run --log-level debug --log-file console --letsencrypt-domain test.wiretrustee.com --port 10000

No multiplexing. HTTP and gRPC are running on separate ports, 443 and 10000 respectively:

time="2022-07-24T17:03:59+02:00" level=info msg="running with LetsEncrypt (test.wiretrustee.com). Cert will be stored in /var/lib/netbird/letsencrypt" file="letsencrypt.go:21"
time="2022-07-24T17:03:59+02:00" level=info msg="running gRPC server: [::]:10000" file="run.go:225"
time="2022-07-24T17:03:59+02:00" level=info msg="running HTTP server: [::]:443" file="run.go:198"
time="2022-07-24T17:03:59+02:00" level=info msg="started Signal Service" file="run.go:157"

2. TLS enabled, --port is not specified.

run --log-level debug --log-file console --letsencrypt-domain test.wiretrustee.com

Multiplexing. HTTP and gRPC sharing port 443. Compatibility gRPC server runs on 10000:

time="2022-07-24T17:12:00+02:00" level=info msg="running with LetsEncrypt (test.wiretrustee.com). Cert will be stored in /var/lib/netbird/letsencrypt" file="letsencrypt.go:21"
time="2022-07-24T17:12:00+02:00" level=info msg="running gRPC backward compatibility server: [::]:10000" file="run.go:214"
time="2022-07-24T17:12:00+02:00" level=info msg="running gRPC server: [::]:443" file="run.go:225"
time="2022-07-24T17:12:00+02:00" level=info msg="running HTTP server: [::]:443" file="run.go:198"
time="2022-07-24T17:12:00+02:00" level=info msg="running gRPC and HTTP server in a multiplex mode on port 443" file="run.go:188"
time="2022-07-24T17:12:00+02:00" level=info msg="started Signal Service" file="run.go:157"

3. TLS disabled, --port is not specified

run --log-level debug --log-file console

No multiplexing. The HTTP server isn't running. gRPC server runs on 80. Compatibility gRPC server runs on 10000:

time="2022-07-24T17:14:42+02:00" level=info msg="running gRPC backward compatibility server: [::]:10000" file="run.go:214"
time="2022-07-24T17:14:42+02:00" level=info msg="running gRPC server: [::]:80" file="run.go:225"
time="2022-07-24T17:14:42+02:00" level=info msg="started Signal Service" file="run.go:157"

4. TLS disabled, --port=10000 (equal to previous versions):

run --log-level debug --log-file console --port 10000

No multiplexing. The HTTP server isn't running. A single gRPC server runs on 10000:

time="2022-07-24T17:18:13+02:00" level=info msg="running gRPC server: [::]:10000" file="run.go:225"
time="2022-07-24T17:18:13+02:00" level=info msg="started Signal Service" file="run.go:157"
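
An added example, not part of the original thread or the NetBird code base: a small Go check that reads a Signal startup log in the format of the four runs above, lists the announced listeners, and flags gRPC served without TLS and the port 10000 compatibility listener. The names `Listener` and `Audit` are hypothetical, and TLS is assumed to be on only when the "running with LetsEncrypt" line is present, as in these runs.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Listener is one socket announced in the Signal startup log (hypothetical type).
type Listener struct {
	Role string // "gRPC", "gRPC backward compatibility" or "HTTP"
	Port string
}

var listenRe = regexp.MustCompile(
	`msg="running (gRPC backward compatibility|gRPC|HTTP) server: \S*:(\d+)"`)

// Audit returns the listeners found in a startup log and the findings about them.
// Assumption: TLS is enabled only if the "running with LetsEncrypt" line appears.
func Audit(log string) (ls []Listener, findings []string) {
	tls := strings.Contains(log, `msg="running with LetsEncrypt`)
	for _, m := range listenRe.FindAllStringSubmatch(log, -1) {
		l := Listener{Role: m[1], Port: m[2]}
		ls = append(ls, l)
		if strings.HasPrefix(l.Role, "gRPC") && !tls {
			findings = append(findings, "plaintext gRPC on port "+l.Port)
		}
		if l.Role == "gRPC backward compatibility" {
			findings = append(findings, "legacy listener still exposed on port "+l.Port)
		}
	}
	return ls, findings
}

// Sample input: the log lines of case 3 above (TLS disabled, --port not specified).
const sampleLog = `time="2022-07-24T17:14:42+02:00" level=info msg="running gRPC backward compatibility server: [::]:10000" file="run.go:214"
time="2022-07-24T17:14:42+02:00" level=info msg="running gRPC server: [::]:80" file="run.go:225"
time="2022-07-24T17:14:42+02:00" level=info msg="started Signal Service" file="run.go:157"`

func main() {
	ls, findings := Audit(sampleLog)
	fmt.Println("listeners:", ls)
	for _, f := range findings {
		fmt.Println("finding:", f)
	}
}
```

The findings map directly to firewall and deployment decisions: which ports must stay reachable, and whether any of them carries gRPC in the clear.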

@braginini braginini marked this pull request as ready for review July 25, 2022 15:28
@braginini braginini merged commit 86a66c6 into main Jul 25, 2022
@braginini braginini deleted the single-port-signal branch July 25, 2022 17:55
pulsastrix pushed a commit to pulsastrix/netbird that referenced this pull request Dec 24, 2023
…netbirdio#396)

Right now Signal Service runs the Let's Encrypt manager on port 80
and a gRPC server on port 10000. There are two separate listeners.
This PR combines these listeners into one with a cmux lib.
The gRPC server runs on either 443 with TLS or 80 without TLS.
Let's Encrypt manager always runs on port 80.