reload certs from disk upon SIGHUP (#13792)

This commit is contained in:
Harshavardhana 2021-12-01 00:38:32 -08:00 committed by GitHub
parent b280a37c4d
commit 24d904d194
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 0 deletions

View File

@ -34,6 +34,7 @@ import (
"sort" "sort"
"strconv" "strconv"
"strings" "strings"
"syscall"
"time" "time"
fcolor "github.com/fatih/color" fcolor "github.com/fatih/color"
@ -718,6 +719,10 @@ func getTLSConfig() (x509Certs []*x509.Certificate, manager *certs.Manager, secu
} }
} }
secureConn = true secureConn = true
// syscall.SIGHUP to reload the certs.
manager.ReloadOnSignal(syscall.SIGHUP)
return x509Certs, manager, secureConn, nil return x509Certs, manager, secureConn, nil
} }

View File

@ -40,6 +40,7 @@ import (
"sort" "sort"
"strings" "strings"
"sync" "sync"
"syscall"
"time" "time"
"github.com/dustin/go-humanize" "github.com/dustin/go-humanize"
@ -597,6 +598,7 @@ func NewGatewayHTTPTransportWithClientCerts(clientCert, clientKey string) *http.
err.Error())) err.Error()))
} }
if c != nil { if c != nil {
c.ReloadOnSignal(syscall.SIGHUP) // allow reloads upon SIGHUP
transport.TLSClientConfig.GetClientCertificate = c.GetClientCertificate transport.TLSClientConfig.GetClientCertificate = c.GetClientCertificate
} }
} }

View File

@ -31,6 +31,7 @@ import (
"os" "os"
"path/filepath" "path/filepath"
"strings" "strings"
"syscall"
"time" "time"
"github.com/minio/minio/internal/event" "github.com/minio/minio/internal/event"
@ -238,6 +239,7 @@ func NewWebhookTarget(ctx context.Context, id string, args WebhookArgs, loggerOn
if err != nil { if err != nil {
return target, err return target, err
} }
manager.ReloadOnSignal(syscall.SIGHUP) // allow reloads upon SIGHUP
transport.TLSClientConfig.GetClientCertificate = manager.GetClientCertificate transport.TLSClientConfig.GetClientCertificate = manager.GetClientCertificate
} }
target.httpClient = &http.Client{Transport: transport} target.httpClient = &http.Client{Transport: transport}