OvenMediaEngine icon indicating copy to clipboard operation
OvenMediaEngine copied to clipboard

Published 20 hours ago verified publisher icon AirenSoft

Update SSL certificate on the fly

Open naanlizard opened this issue 3 years ago • 4 comments

Is your feature request related to a problem? Please describe. Downtime when updating an SSL certificate is bad for users.

Describe the solution you'd like Some mechanism to update the SSL certificate while the server is live, without interrupting streams, would be ideal. Something like nginx -s reload basically

Describe alternatives you've considered The only real alternative is scheduled maintenance once every 6 months for hard downtime, which we prefer to avoid.

naanlizard avatar May 06 '21 15:05 naanlizard

You'll have to restart your server for security updates more often than once every few months anyways, thus I suggest you to set up more than one edge server and use your loadbalancer to send the users to the desired server/servers.

basisbit avatar May 06 '21 19:05 basisbit

@naanlizard I agree that restarting daemon for TLS certificate replacement is not a good idea. OME uses SIGHUP signal for config update (now only supports reloading logger.xml), and I will consider improving TLS certificate to reload when this signal occurs.

dimiden avatar May 13 '21 05:05 dimiden

Is there any action on this? Any way I can help?

naanlizard avatar Jan 14 '22 00:01 naanlizard

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Jun 02 '22 13:06 stale[bot]

@getroot where in the priorities list is this? It's the last feature we're waiting on for feature parity with our current setup, and hopefully not terribly difficult. Even better if it automatically updates the cert if the file changes on the disk :)

Thanks for all the great work last year and here's hoping 2023 is very successful for Airensoft!

naanlizard avatar Jan 03 '23 17:01 naanlizard

This feature is very low priority as it is needed about once a year and often restarts OME to update OvenMediaEngine. I will soon organize and share my priority tasks for 2023. I wish you a happy year!

getroot avatar Jan 04 '23 01:01 getroot

I guess we'll have to update our maintenance schedules for some planned downtime at least every few months, not the worst I suppose but not great

naanlizard avatar Jan 04 '23 02:01 naanlizard

I haven't finalized the roadmap yet, but I expect this feature to be released in the second quarter of this year.

getroot avatar Jan 04 '23 02:01 getroot