Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 23:00:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

httpd: allow to reload the https certificate without restarting the service

Browse Source 
HTTPS certificate can be reloaded on demand sending a SIGHUP signal on
Unix based systems and a "paramchange" request to the running service on
Windows
This commit is contained in:
Nicola Murino
2020-02-04 23:21:33 +01:00
parent 9359669cd4
commit 5bfaae9202
7 changed files with 134 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
httpd/httpd.go
View File

@@ -7,6 +7,7 @@
package httpd
import (
"crypto/tls"
"fmt"
"net/http"
"path/filepath"
@@ -42,6 +43,7 @@ var (
dataProvider dataprovider.Provider
backupsPath string
httpAuth httpAuthProvider
certMgr *certManager
)
// Conf httpd daemon configuration
@@ -63,7 +65,9 @@ type Conf struct {
// If empty HTTP authentication is disabled
AuthUserFile string `json:"auth_user_file" mapstructure:"auth_user_file"`
// If files containing a certificate and matching private key for the server are provided the server will expect
// HTTPS connections
// HTTPS connections.
// Certificate and key files can be reloaded on demand sending a "SIGHUP" signal on Unix based systems and a
// "paramchange" request to the running service on Windows.
CertificateFile string `json:"certificate_file" mapstructure:"certificate_file"`
CertificateKeyFile string `json:"certificate_key_file" mapstructure:"certificate_key_file"`
}
@@ -103,11 +107,26 @@ func (c Conf) Initialize(configDir string) error {
MaxHeaderBytes: 1 << 16, // 64KB
}
if len(certificateFile) > 0 && len(certificateKeyFile) > 0 {
return httpServer.ListenAndServeTLS(certificateFile, certificateKeyFile)
certMgr, err = newCertManager(certificateFile, certificateKeyFile)
if err != nil {
return err
}
config := &tls.Config{
GetCertificate: certMgr.GetCertificateFunc(),
}
httpServer.TLSConfig = config
return httpServer.ListenAndServeTLS("", "")
}
return httpServer.ListenAndServe()
}
// ReloadTLSCertificate reloads the TLS certificate and key from the configured paths
func ReloadTLSCertificate() {
if certMgr != nil {
certMgr.loadCertificate()
}
}
func getConfigPath(name, configDir string) string {
if len(name) > 0 && !filepath.IsAbs(name) {
return filepath.Join(configDir, name)