reload certs from disk upon SIGHUP (#13792)

2025-11-07 04:42:56 -05:00 · 2021-12-01 00:38:32 -08:00
parent b280a37c4d
commit 24d904d194
3 changed files with 9 additions and 0 deletions
--- a/cmd/common-main.go
+++ b/cmd/common-main.go
@@ -34,6 +34,7 @@ import (
 	"sort"
 	"strconv"
 	"strings"
+	"syscall"
 	"time"

 	fcolor "github.com/fatih/color"
@@ -718,6 +719,10 @@ func getTLSConfig() (x509Certs []*x509.Certificate, manager *certs.Manager, secu
 		}
 	}
 	secureConn = true
+
+	// syscall.SIGHUP to reload the certs.
+	manager.ReloadOnSignal(syscall.SIGHUP)
+
 	return x509Certs, manager, secureConn, nil
 }

--- a/cmd/utils.go
+++ b/cmd/utils.go
@@ -40,6 +40,7 @@ import (
 	"sort"
 	"strings"
 	"sync"
+	"syscall"
 	"time"

 	"github.com/dustin/go-humanize"
@@ -597,6 +598,7 @@ func NewGatewayHTTPTransportWithClientCerts(clientCert, clientKey string) *http.
 				err.Error()))
 		}
 		if c != nil {
+			c.ReloadOnSignal(syscall.SIGHUP) // allow reloads upon SIGHUP
 			transport.TLSClientConfig.GetClientCertificate = c.GetClientCertificate
 		}
 	}