Feature Request: Reload server TLS certificate #659
Comments
I think this mechanism can be very useful for updating configurations for reverse proxies, redirects, etc. with zero downtime. So could you please implement it for a broader use case?
I did some research for inspiration and use cases:

Nginx has a product for a similar use case: https://www.nginx.com/products/nginx-unit/

Envoy also picks up configuration changes with no downtime. This is cited as one of the advantages of Envoy over Nginx. https://dropbox.tech/infrastructure/how-we-migrated-dropbox-from-nginx-to-envoy

Aside: Envoy also has a pluggable filter chain mechanism which enables wasm modules to be used with it, which makes it a lightweight alternative to containers. https://webassemblyhub.io
https://blog.envoyproxy.io/the-universal-data-plane-api-d15cec7a

I know these are ambitious projects and it is more than simple file watching, but having this feature baked into the library opens up windows to amazing possibilities for modest projects.
Is there an update for that? I can try to implement it if it isn't supported yet. Hints would be appreciated.
I can currently use warp with TLS by giving it a certificate when I start the server, as shown in the example: https://github.com/seanmonstar/warp/blob/master/examples/tls.rs
The problem is that when the certificate expires, the server must be restarted. I would like to update the certificate of the currently running warp server, so that existing connections are not touched, but all new incoming TCP connections are served the updated certificate.
In terms of the API, one possible suggestion would be to initialize the warp server with a "Channel" object. Then later on I can feed a new certificate into the channel whenever I want. But any other API that works would also be welcome.
This feature would be especially useful for those using letsencrypt, which has short certificate expiry times, and would be a better solution than the restarting technique discussed in #252
Thank you
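The channel-fed reload requested above can be sketched with the standard library alone. This is an added example, not warp's API and not code from the issue author: `CertKey`, `CertStore` and `spawn_reloader` are hypothetical names, and the serial numbers are constructed stand-ins for real certificates. Each new connection snapshots the current certificate at accept time, so a swap never touches connections that are already established.

```rust
use std::sync::{mpsc::{channel, Receiver}, Arc, RwLock};
use std::thread;

/// Hypothetical stand-in for a parsed certificate chain and private key.
pub struct CertKey {
    pub serial: u32, // constructed sample value, not a real certificate
}

/// Shared slot read once per new connection, at handshake time.
#[derive(Clone)]
pub struct CertStore(Arc<RwLock<Arc<CertKey>>>);

impl CertStore {
    pub fn new(initial: CertKey) -> Self {
        CertStore(Arc::new(RwLock::new(Arc::new(initial))))
    }
    /// Snapshot for a new connection; the connection keeps this Arc for its lifetime.
    pub fn current(&self) -> Arc<CertKey> {
        self.0.read().unwrap().clone()
    }
    /// Swap in a renewed certificate; snapshots already handed out are unaffected.
    pub fn replace(&self, next: CertKey) {
        *self.0.write().unwrap() = Arc::new(next);
    }
}

/// Applies every certificate received on the channel until all senders are dropped.
pub fn spawn_reloader(store: CertStore, rx: Receiver<CertKey>) -> thread::JoinHandle<()> {
    thread::spawn(move || {
        for cert in rx {
            store.replace(cert);
        }
    })
}

/// Returns the serials seen by a connection opened before and one opened after a reload.
pub fn demo() -> (u32, u32) {
    let store = CertStore::new(CertKey { serial: 1 });
    let (tx, rx) = channel();
    let reloader = spawn_reloader(store.clone(), rx);
    let old_conn = store.current(); // accepted before the renewal
    tx.send(CertKey { serial: 2 }).unwrap(); // renewed certificate fed into the channel
    drop(tx); // close the channel so the reloader drains it and exits
    reloader.join().unwrap();
    let new_conn = store.current(); // accepted after the renewal
    (old_conn.serial, new_conn.serial)
}

fn main() { println!("{:?}", demo()); }
```

In a real server the `current()` call would sit wherever the TLS acceptor selects the certificate for an incoming handshake, and the expired key material is freed once the last connection holding the old `Arc` closes.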