common icon indicating copy to clipboard operation
common copied to clipboard

Published 20 hours ago verified publisher icon weaveworks

Allow to disable GRPC/HTTP listener

Open thampiotr opened this issue 1 year ago • 2 comments

Problem:

When using common/server/server.go to serve only HTTP traffic, there currently is no way to entirely disable the GRPC listener. Conversely, when only using GRPC, the HTTP listener will always be started.

This can be an issue when you want to e.g. limit the attack surface area, reduce the resource usage etc.

Proposed solution:

Add HTTPDisabled and GRPCDisabled configuration options that, when set to true, will disable HTTP and GRPC servers respectively.

Discussion

Have we ever considered this in the past, and is there a reason we decided against it? I’m curious to hear what are your thoughts on this approach? Are there any alternatives that you would recommend? Would you be open to a contribution?

thampiotr avatar May 05 '23 09:05 thampiotr

I don't recall any discussion. I think when this library started the Server didn't do much beyond set up two listeners.

Could we re-use one of the existing parameters, e.g. GRPCListenPort=-1 would disable it?

bboreham avatar May 24 '23 15:05 bboreham

Thanks @bboreham. I'm happy to reuse the existing parameters and I don't see a problem with using -1 port to mean disabling a given server.

I will aim to open a PR implementing this - do let me know if you have any further concerns though.

thampiotr avatar May 25 '23 11:05 thampiotr