mirror of
https://github.com/VictoriaMetrics/VictoriaMetrics.git
synced 2024-11-23 20:37:12 +01:00
Adds server certificate reload for lib/http (#2186)
* Adds server certificate reload for lib/http https://github.com/VictoriaMetrics/VictoriaMetrics/issues/2171 * Update lib/httpserver/httpserver.go Co-authored-by: Aliaksandr Valialkin <valyala@victoriametrics.com>
This commit is contained in:
parent
75e84144c7
commit
3d890e89f1
@ -97,14 +97,30 @@ func Serve(addr string, rh RequestHandler) {
|
||||
ln := net.Listener(lnTmp)
|
||||
|
||||
if *tlsEnable {
|
||||
cert, err := tls.LoadX509KeyPair(*tlsCertFile, *tlsKeyFile)
|
||||
var certLock sync.Mutex
|
||||
var certDeadline uint64
|
||||
var cert *tls.Certificate
|
||||
c, err := tls.LoadX509KeyPair(*tlsCertFile, *tlsKeyFile)
|
||||
if err != nil {
|
||||
logger.Fatalf("cannot load TLS cert from tlsCertFile=%q, tlsKeyFile=%q: %s", *tlsCertFile, *tlsKeyFile, err)
|
||||
}
|
||||
cert = &c
|
||||
cfg := &tls.Config{
|
||||
Certificates: []tls.Certificate{cert},
|
||||
MinVersion: tls.VersionTLS12,
|
||||
PreferServerCipherSuites: true,
|
||||
GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||
certLock.Lock()
|
||||
defer certLock.Unlock()
|
||||
if fasttime.UnixTimestamp() > certDeadline {
|
||||
c, err = tls.LoadX509KeyPair(*tlsCertFile, *tlsKeyFile)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot load TLS cert from tlsCertFile=%q, tlsKeyFile=%q: %w", *tlsCertFile, *tlsKeyFile, err)
|
||||
}
|
||||
certDeadline = fasttime.UnixTimestamp() + 1
|
||||
cert = &c
|
||||
}
|
||||
return cert, nil
|
||||
},
|
||||
}
|
||||
ln = tls.NewListener(ln, cfg)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user