
caddytls: Regularly reload static certificates

Open pascalgn opened this issue 8 months ago • 4 comments

Fixes #6933

pascalgn avatar Apr 07 '25 14:04 pascalgn

@mholt I pushed some changes. I changed CertificateLoader like this:

```go
// Proposed change to the loader interface: the loader reports certificates to
// add and (by key) to remove through the callback, rather than returning a list.
type CertificateLoader interface {
	Initialize(updateCertificates func(add []Certificate, remove []string) error) error
}
```

That way, existing loaders (e.g. StorageLoader) will simply call the updateCertificates callback during the Initialize method, while other loaders (i.e. FolderLoader) will call it during Initialize but also afterwards, during fsnotify events.

Would it make sense like that?

pascalgn avatar Apr 09 '25 10:04 pascalgn
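The shape of the proposal above, worked through as an added Go example that is not code from this PR or from Caddy: a FolderLoader with the proposed Initialize(updateCertificates) signature that diffs each scan against the previous one, so new files become adds and deleted or rotated files also produce removes (the part mholt says he still wants to think about). The Certificate type, keying the cache by SHA-256 of the PEM bytes, and replacing fsnotify with an explicit Rescan call are assumptions of this example.

```go
package main
import (
	"crypto/sha256"
	"fmt"
	"os"
	"path/filepath"
)
// Certificate stands in for caddytls's certificate type (assumption); Hash is the cache key.
type Certificate struct {
	Hash string
	PEM  []byte
}
// FolderLoader loads *.pem files from one directory and satisfies the proposed Initialize
// signature. fsnotify is replaced by Rescan (assumption: a watcher goroutine calls it per event).
type FolderLoader struct {
	Dir    string
	update func(add []Certificate, remove []string) error
	known  map[string][]byte // hash -> PEM bytes currently in the cache
}
func (fl *FolderLoader) Initialize(update func(add []Certificate, remove []string) error) error {
	fl.update, fl.known = update, map[string][]byte{}
	return fl.Rescan() // the initial load takes the same path as later reloads
}
// Rescan diffs the folder against the last scan: new hashes become adds and
// vanished hashes become removes, so a rotated file yields one of each.
func (fl *FolderLoader) Rescan() error {
	paths, _ := filepath.Glob(filepath.Join(fl.Dir, "*.pem")) // fixed pattern: cannot fail
	cur := map[string][]byte{}
	for _, p := range paths {
		pem, err := os.ReadFile(p)
		if err != nil {
			return err // keep the last good state instead of evicting certificates
		}
		cur[fmt.Sprintf("%x", sha256.Sum256(pem))] = pem
	}
	add, remove := []Certificate{}, []string{}
	for h, pem := range cur {
		if _, ok := fl.known[h]; !ok {
			add = append(add, Certificate{Hash: h, PEM: pem})
		}
	}
	for h := range fl.known {
		if _, ok := cur[h]; !ok {
			remove = append(remove, h)
		}
	}
	fl.known = cur
	return fl.update(add, remove) // called with empty lists when nothing changed
}
```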

I was thinking more of using each loader modules' Provision() and Cleanup() methods to start/stop a goroutine that does the watching and reloading.

As for removing... let me think more on that.

mholt avatar Apr 15 '25 14:04 mholt

When moving the code into the Provision method, how would it access the certCache?

pascalgn avatar Apr 15 '25 14:04 pascalgn

Via the tls app, so, ctx.App("tls") (then type-assert).

We might need to add a method or two to the caddytls.TLS app type which can expose the cache or at least the operations we need on it: https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#TLS

mholt avatar Apr 15 '25 15:04 mholt