# Agar-Agar

A homegrown Indonesian web game inspired by agar.io.

# 🏗 Server Architecture

## 1. Overview

This architecture is composed of:

* **Traefik v3.5** as the **TLS-enabled load balancer** and reverse proxy.
* A **Game Server** exposing a gRPC API (`GameService`) for real-time multiplayer game state management.
* Secure networking and dynamic configuration using **Docker** and file-based providers.

---

## 2. Load Balancer — Traefik

Traefik is responsible for:

* Handling **TLS termination** on port `443`.
* Routing requests based on **Host rules**.
* Providing a **secure API dashboard** (only accessible via HTTPS).
* Loading dynamic configuration from `dynamic.yml`.
* Watching for configuration changes in real time.

### Configuration Summary

| Feature         | Value                                    |
| --------------- | ---------------------------------------- |
| Image           | `traefik:v3.5`                           |
| Restart Policy  | `unless-stopped`                         |
| TLS Port        | `443` (bound to localhost only)          |
| Docker Provider | Enabled, default exposure disabled       |
| File Provider   | Enabled, watching `/etc/traefik/dynamic` |
| Dashboard       | Enabled at `https://traefik.gemas.tik`   |
| Logging Level   | INFO                                     |

### Key Volume Mounts

* `/var/run/docker.sock` — Read-only for container service discovery.
* `/etc/traefik/dynamic` — File provider directory (dynamic routes, middlewares).
* `/certs` — TLS certificates for HTTPS.

### Example Routing Rule

```yaml
labels:
  - "traefik.enable=true"
  - "traefik.http.routers.traefik.rule=Host(`traefik.gemas.tik`)"
  - "traefik.http.routers.traefik.entrypoints=websecure"
  - "traefik.http.routers.traefik.tls=true"
  - "traefik.http.routers.traefik.service=api@internal"
```

This routes any HTTPS traffic for `traefik.gemas.tik` to the Traefik dashboard service.

---

## 3. Game Server API — `GameService`

The **GameService** uses **gRPC** to provide a **real-time multiplayer API** for clients.

### Service Overview

| RPC Method      | Direction                | Purpose                                              |
| --------------- | ------------------------ | ---------------------------------------------------- |
| `StreamState`   | Server → Client (stream) | Streams world snapshots at a target tick rate.       |
| `SendInput`     | Client → Server          | Sends player movement or action inputs.              |
| `StartBoost`    | Client → Server          | Initiates a player speed boost.                      |
| `EndBoost`      | Client → Server          | Ends a player speed boost.                           |
| `SetName`       | Client → Server          | Sets the player's display name.                      |
| `Disconnect`    | Client → Server          | Disconnects a player from the game.                  |
| `Welcome`       | Server → Client          | Sends initial world info & player ID.                |
| `ToggleGodMode` | Client ↔ Server          | Enables/disables god mode for a player (admin only). |

### Protocol Buffer Definition

```protobuf
syntax = "proto3";

package game;

option go_package = "./ctf;gamepb";

service GameService {
  // Server-streamed world snapshots at a target tick rate
  rpc StreamState(Empty) returns (stream State);

  // Input/control
  rpc SendInput(...) returns (...);
  rpc StartBoost(...) returns (...);
  rpc EndBoost(...) returns (...);
  rpc SetName(...) returns (...);
  rpc Disconnect(...) returns (...);

  // Optional one-shot welcome/world info
  rpc Welcome(...) returns (...);

  // Debug mode functionality
  rpc ToggleDebugMode(...) returns (...);
  rpc SetDebugOptions(...) returns (...);
}
```

---

## 4. High-Level Flow

```plaintext
[ Client ]
    │  gRPC over HTTPS
    ▼
[ Traefik Load Balancer ]
    │  Routes based on Host rules
    ▼
[ Game Server ]
    │
    ├── StreamState → Sends real-time world data
    ├── SendInput / Boost → Receives player actions
    ├── SetName / Disconnect → Manages player sessions
    └── ToggleGodMode → For admin only
```

---

## 5. Security Considerations

* **TLS Termination** at Traefik ensures encrypted client-server communication.
* **`exposedByDefault=false`** prevents accidental exposure of internal services.
* Certificates stored in the `/certs` directory should be **managed securely**.
* gRPC endpoints can be **authenticated via middleware** or token validation.

dimas
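
One way to implement the token validation and the admin-only restriction on `ToggleGodMode` from the sections above, as an added example that is not the project's own code. The bearer-token scheme in the `authorization` metadata key, the sample tokens, the `player`/`admin` roles, the role assigned to each RPC and the helper name `authorize` are all assumptions; the method names follow gRPC's `/<package>.<Service>/<Method>` form for package `game` and service `GameService`.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

type role int

const player, admin role = 1, 2
const svc = "/game.GameService/" // "/<package>.<Service>/" per the .proto

// Minimum role per RPC (assumed assignment). Methods absent from the table,
// such as the debug RPCs, are denied: the policy fails closed.
var required = map[string]role{
	svc + "StreamState": player, svc + "Welcome": player, svc + "SendInput": player,
	svc + "StartBoost": player, svc + "EndBoost": player, svc + "SetName": player,
	svc + "Disconnect": player, svc + "ToggleGodMode": admin,
}

// Constructed sample credentials: SHA-256(bearer token) -> role.
var tokens = map[[32]byte]role{
	sha256.Sum256([]byte("player-token-example")): player,
	sha256.Sum256([]byte("admin-token-example")):  admin,
}

var errDenied = errors.New("permission denied")

// authorize receives info.FullMethod and the incoming metadata (grpc's
// metadata.MD is a map[string][]string) from a server interceptor.
func authorize(fullMethod string, md map[string][]string) error {
	need, known := required[fullMethod]
	auth := md["authorization"]
	if !known || len(auth) != 1 || !strings.HasPrefix(auth[0], "Bearer ") {
		return errDenied
	}
	// Lookup is by digest, so raw secrets are neither stored nor compared.
	sum := sha256.Sum256([]byte(strings.TrimPrefix(auth[0], "Bearer ")))
	if tokens[sum] < need { // unknown digest maps to role 0, below every RPC
		return errDenied
	}
	return nil
}

func main() {
	md := map[string][]string{"authorization": {"Bearer player-token-example"}}
	fmt.Println(authorize(svc+"SendInput", md), authorize(svc+"ToggleGodMode", md))
}
```

In a real server the function would be called from both a unary and a stream interceptor (registered with `grpc.ChainUnaryInterceptor` and `grpc.ChainStreamInterceptor`), mapping the error to `codes.PermissionDenied`, so that `StreamState` is covered as well as the one-shot RPCs.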