YGGverse/aquatic
1
0
Fork 0
mirror of https://github.com/YGGverse/aquatic.git synced 2026-04-02 02:35:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

http: reload tls config on SIGUSR1

Browse source
This commit is contained in:
Joakim Frostegård 2023-10-24 18:44:49 +02:00
parent 6a23ef9103
commit 99647a323a
7 changed files with 37 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

17
crates/http/src/lib.rs
View file

@ -9,6 +9,7 @@ use aquatic_common::{
rustls_config::create_rustls_config,
PanicSentinelWatcher, ServerStartInstant,
};
use arc_swap::ArcSwap;
use common::State;
use glommio::{channels::channel_mesh::MeshBuilder, prelude::*};
use signal_hook::{
@ -57,10 +58,10 @@ pub fn run(config: Config) -> ::anyhow::Result<()> {
let (sentinel_watcher, sentinel) = PanicSentinelWatcher::create_with_sentinel();
let priv_dropper = PrivilegeDropper::new(config.privileges.clone(), config.socket_workers);
let tls_config = Arc::new(create_rustls_config(
let tls_config = Arc::new(ArcSwap::from_pointee(create_rustls_config(
&config.network.tls_certificate_path,
&config.network.tls_private_key_path,
)?);
)?));
let server_start_instant = ServerStartInstant::new();
@ -144,6 +145,18 @@ pub fn run(config: Config) -> ::anyhow::Result<()> {
match signal {
SIGUSR1 => {
let _ = update_access_list(&config.access_list, &state.access_list);
match create_rustls_config(
&config.network.tls_certificate_path,
&config.network.tls_private_key_path,
) {
Ok(config) => {
tls_config.store(Arc::new(config));
::log::info!("successfully updated tls config");
}
Err(err) => ::log::error!("could not update tls config: {:#}", err),
}
}
SIGTERM => {
if sentinel_watcher.panic_was_triggered() {