From 875d0d39af18229bef5a93208c24bd1372f6ddc6 Mon Sep 17 00:00:00 2001
From: Alex Reid <areid@akamai.com>
Date: Tue, 19 Mar 2024 17:26:43 +0000
Subject: [PATCH 1/2] Add support for unix domain sockets

Signed-off-by: Alex Reid <areid@akamai.com>
---
 src/server/server_impl.go | 57 ++++++++++++++++++++++++++++-----------
 src/settings/settings.go  |  3 +++
 2 files changed, 44 insertions(+), 16 deletions(-)

diff --git a/src/server/server_impl.go b/src/server/server_impl.go
index 85c636b7a..0b42b40f8 100644
--- a/src/server/server_impl.go
+++ b/src/server/server_impl.go
@@ -50,20 +50,28 @@ type serverDebugListener struct {
 	listener  net.Listener
 }
 
+type grpcListenType int
+
+const (
+	tcp              grpcListenType = 0
+	unixDomainSocket grpcListenType = 1
+)
+
 type server struct {
-	httpAddress   string
-	grpcAddress   string
-	debugAddress  string
-	router        *mux.Router
-	grpcServer    *grpc.Server
-	store         gostats.Store
-	scope         gostats.Scope
-	provider      provider.RateLimitConfigProvider
-	runtime       loader.IFace
-	debugListener serverDebugListener
-	httpServer    *http.Server
-	listenerMu    sync.Mutex
-	health        *HealthChecker
+	httpAddress    string
+	grpcAddress    string
+	grpcListenType grpcListenType
+	debugAddress   string
+	router         *mux.Router
+	grpcServer     *grpc.Server
+	store          gostats.Store
+	scope          gostats.Scope
+	provider       provider.RateLimitConfigProvider
+	runtime        loader.IFace
+	debugListener  serverDebugListener
+	httpServer     *http.Server
+	listenerMu     sync.Mutex
+	health         *HealthChecker
 }
 
 func (server *server) AddDebugHttpEndpoint(path string, help string, handler http.HandlerFunc) {
@@ -197,9 +205,20 @@ func (server *server) Start() {
 
 func (server *server) startGrpc() {
 	logger.Warnf("Listening for gRPC on '%s'", server.grpcAddress)
-	lis, err := reuseport.Listen("tcp", server.grpcAddress)
+	var lis net.Listener
+	var err error
+
+	switch server.grpcListenType {
+	case tcp:
+		lis, err = reuseport.Listen("tcp", server.grpcAddress)
+	case unixDomainSocket:
+		lis, err = net.Listen("unix", server.grpcAddress)
+	default:
+		logger.Fatalf("Invalid gRPC listen type %v", server.grpcListenType)
+	}
+
 	if err != nil {
-		logger.Fatalf("Failed to listen for gRPC: %v", err)
+		logger.Fatalf("Failed to listen for gRPC on '%s': %v", server.grpcAddress, err)
 	}
 	server.grpcServer.Serve(lis)
 }
@@ -247,7 +266,13 @@ func newServer(s settings.Settings, name string, statsManager stats.Manager, loc
 
 	// setup listen addresses
 	ret.httpAddress = net.JoinHostPort(s.Host, strconv.Itoa(s.Port))
-	ret.grpcAddress = net.JoinHostPort(s.GrpcHost, strconv.Itoa(s.GrpcPort))
+	if s.GrpcUds != "" {
+		ret.grpcAddress = s.GrpcUds
+		ret.grpcListenType = unixDomainSocket
+	} else {
+		ret.grpcAddress = net.JoinHostPort(s.GrpcHost, strconv.Itoa(s.GrpcPort))
+		ret.grpcListenType = tcp
+	}
 	ret.debugAddress = net.JoinHostPort(s.DebugHost, strconv.Itoa(s.DebugPort))
 
 	// setup stats
diff --git a/src/settings/settings.go b/src/settings/settings.go
index f3c3721d2..887101397 100644
--- a/src/settings/settings.go
+++ b/src/settings/settings.go
@@ -21,6 +21,9 @@ type Settings struct {
 	DebugPort int    `envconfig:"DEBUG_PORT" default:"6070"`
 
 	// GRPC server settings
+	// If GrpcUds is set we'll listen on the specified unix domain socket address
+	// rather then GrpcHost:GrpcPort. e.g. GrpcUds=/tmp/ratelimit.sock
+	GrpcUds  string `envconfig:"GRPC_UDS" default:""`
 	GrpcHost string `envconfig:"GRPC_HOST" default:"0.0.0.0"`
 	GrpcPort int    `envconfig:"GRPC_PORT" default:"8081"`
 	// GrpcServerTlsConfig configures grpc for the server

From dd2bfb6149a65d058f8ef5dd8209cef834e15b17 Mon Sep 17 00:00:00 2001
From: Alex Reid <areid@akamai.com>
Date: Wed, 3 Apr 2024 16:48:14 +0100
Subject: [PATCH 2/2] Add documentation

Signed-off-by: Alex Reid <areid@akamai.com>
---
 README.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/README.md b/README.md
index 25a698d89..44591a476 100644
--- a/README.md
+++ b/README.md
@@ -35,6 +35,7 @@
   - [GRPC Keepalive](#grpc-keepalive)
   - [Health-check](#health-check)
     - [Health-check configurations](#health-check-configurations)
+  - [GRPC server](#grpc-server)
 - [Request Fields](#request-fields)
 - [GRPC Client](#grpc-client)
   - [Commandline flags](#commandline-flags)
@@ -748,6 +749,13 @@ HEALTHY_WITH_AT_LEAST_ONE_CONFIG_LOADED default:"false"`
 If `HEALTHY_WITH_AT_LEAST_ONE_CONFIG_LOADED` is enabled then health check will start as unhealthy and becomes healthy if
 it detects at least one domain is loaded with the config. If it detects no config again then it will change to unhealthy.
 
+## GRPC server
+
+By default the ratelimit gRPC server binds to `0.0.0.0:8081`. To change this set
+`GRPC_HOST` and/or `GRPC_PORT`. If you want to run the server on a unix domain
+socket then set `GRPC_UDS`, e.g. `GRPC_UDS=/<dir>/ratelimit.sock` and leave
+`GRPC_HOST` and `GRPC_PORT` unmodified.
+
 # Request Fields
 
 For information on the fields of a Ratelimit gRPC request please read the information