
Dynamic SSL Certificate Storage in HAProxy

Open fatchan opened this issue 2 years ago • 2 comments

Hi, when I add or remove an SSL certificate from HAProxy with dataplaneapi, it seems a reload is required for the changes to take effect.

However, in HAProxy 2.1 and 2.2, apparently SSL certificates can be updated and added/removed without requiring a reload:
https://www.haproxy.com/blog/dynamic-ssl-certificate-storage-in-haproxy
https://www.haproxy.com/blog/announcing-haproxy-2-2#dynamic-ssl-certificate-storage

Is it possible for this to be supported in dataplaneapi?

Edit: In the meantime, I have monkey-patched my forks of dataplaneapi and client-native to issue the necessary ssl cert and ssl crt-list commands during storage create and storage delete of ssl certificates. Then, I always set skip_reload=true or force_reload=false. This allows me to add/remove the certificates without a reload.

fatchan, Jun 12 '23 03:06
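The Runtime API command sequence that the comment above refers to, as an added example that is not part of the original thread and is not the code from fatchan's forks. It builds the `ssl cert` and `ssl crt-list` commands for adding and removing a certificate. The function names, the sample paths, the use of a crt-list on the bind line and an admin-level stats socket are all assumptions.

```python
import re
import socket

# Names are interpolated into Runtime API commands, where ';' and newlines
# separate commands, so only plain path characters are accepted.
_SAFE_NAME = re.compile(r"[A-Za-z0-9._/-]+")

def _name(value):
    if not _SAFE_NAME.fullmatch(value):
        raise ValueError(f"unsafe name for a runtime command: {value!r}")
    return value

def _payload(pem):
    # A "<<" payload ends at the first empty line, so blank lines inside
    # the PEM bundle would truncate the certificate; drop them.
    lines = [ln.strip() for ln in pem.splitlines() if ln.strip()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("expected a PEM bundle")
    return "\n".join(lines)

def add_commands(cert, pem, crt_list):
    cert, crt_list = _name(cert), _name(crt_list)
    return [
        f"new ssl cert {cert}\n",                        # empty in-memory slot
        f"set ssl cert {cert} <<\n{_payload(pem)}\n\n",  # stage a transaction
        f"commit ssl cert {cert}\n",                     # make it live
        f"add ssl crt-list {crt_list} {cert}\n",         # attach to the bind
    ]

def remove_commands(cert, crt_list):
    cert, crt_list = _name(cert), _name(crt_list)
    return [f"del ssl crt-list {crt_list} {cert}\n", f"del ssl cert {cert}\n"]

def send(socket_path, command):
    # One command per connection: the stats socket answers, then closes.
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(socket_path)
        s.sendall(command.encode())
        return b"".join(iter(lambda: s.recv(4096), b"")).decode()

# Constructed sample bundle (placeholder data, not a real certificate or key).
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    "\n"
    "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
)
```

Runtime API changes live only in HAProxy's memory, so the certificate file and crt-list entry still have to be written to disk to survive the next reload or restart.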

Hi @fatchan, we are working on the big rework of our certificate storage, so we can take full advantage of runtime storage of HAProxy in the future, so it will be a feature in the next release.

mjuraga, Jun 26 '23 08:06