From 28df187012ccd456524614a6ee96ce65d396a97f Mon Sep 17 00:00:00 2001
From: Eugene Bujak
Date: Wed, 13 Feb 2019 11:08:07 +0300
Subject: [PATCH] /tls/configure -- restart HTTPS server if settings changed

Fixes not using new HTTPS certificate after submitting it.
---
 config.go  | 14 ++++++++++----
 control.go | 15 ++++++++++++++-
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/config.go b/config.go
index 6d2cb05a..51fa5bf8 100644
--- a/config.go
+++ b/config.go
@@ -61,14 +61,18 @@ type dnsConfig struct {
 
 var defaultDNS = []string{"tls://1.1.1.1", "tls://1.0.0.1"}
 
-// field ordering is important -- yaml fields will mirror ordering from here
-type tlsConfig struct {
+type tlsConfigSettings struct {
 	ServerName     string `yaml:"server_name" json:"server_name,omitempty"`
 	ForceHTTPS     bool   `yaml:"force_https" json:"force_https,omitempty"`
 	PortHTTPS      int    `yaml:"port_https" json:"port_https,omitempty"`
 	PortDNSOverTLS int    `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"`
 
 	dnsforward.TLSConfig `yaml:",inline" json:",inline"`
+}
+
+// field ordering is important -- yaml fields will mirror ordering from here
+type tlsConfig struct {
+	tlsConfigSettings `yaml:",inline" json:",inline"`
 
 	// only for API, no need to be stored in config
 	StatusCertificate string `yaml:"status_cert" json:"status_cert,omitempty"`
@@ -97,8 +101,10 @@ var config = configuration{
 		UpstreamDNS: defaultDNS,
 	},
 	TLS: tlsConfig{
-		PortHTTPS:      443,
-		PortDNSOverTLS: 853, // needs to be passed through to dnsproxy
+		tlsConfigSettings: tlsConfigSettings{
+			PortHTTPS:      443,
+			PortDNSOverTLS: 853, // needs to be passed through to dnsproxy
+		},
 	},
 	Filters: []filter{
 		{Filter: dnsfilter.Filter{ID: 1}, Enabled: true, URL: "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt", Name: "AdGuard Simplified Domain Names filter"},
diff --git a/control.go b/control.go
index d9c56e5b..9a4bc85e 100644
--- a/control.go
+++ b/control.go
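Review bot: The comment `// field ordering is important -- yaml fields will mirror ordering from here` now sits above `tlsConfig`, but the ordered YAML fields it describes were moved into `tlsConfigSettings`, which has no doc comment at all; move the comment down or give the new type its own, e.g. `// tlsConfigSettings holds the user-settable TLS options; field ordering is important -- yaml fields will mirror ordering from here.` Because `tlsConfigSettings` embeds `dnsforward.TLSConfig`, which presumably carries the certificate and private-key material, a short note that a whole-struct comparison of this type also compares that material would help readers of the `reflect.DeepEqual` check added in control.go. The second hunk in this file only restructures the default `config` initializer and needs no change.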
@@ -13,6 +13,7 @@ import (
 	"net"
 	"net/http"
 	"os"
+	"reflect"
 	"sort"
 	"strconv"
 	"strings"
@@ -1076,9 +1077,21 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 		httpError(w, http.StatusBadRequest, "New TLS configuration does not validate: %s", err)
 		return
 	}
+	restartHTTPS := false
+	if !reflect.DeepEqual(config.TLS.tlsConfigSettings, data.tlsConfigSettings) {
+		log.Printf("tls config settings have changed, will restart HTTPS server")
+		restartHTTPS = true
+	}
 	config.TLS = data
-	httpsServer.cond.Broadcast()
 	httpUpdateConfigReloadDNSReturnOK(w, r)
+	// this needs to be done in a goroutine because Shutdown() is a blocking call, and it will block
+	// until all requests are finished, and _we_ are inside a request right now, so it will block indefinitely
+	if restartHTTPS {
+		go func() {
+			httpsServer.cond.Broadcast()
+			httpsServer.server.Shutdown(context.TODO())
+		}()
+	}
 }
 
 func validateCertificates(data tlsConfig) (tlsConfig, error) {
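Review bot: `httpsServer.server.Shutdown(context.TODO())` in the new goroutine dereferences `httpsServer.server` and discards the returned error; if `server` can still be nil when settings change for the first time (the existing `cond` wait suggests the HTTPS listener is only created once TLS is configured — confirm), the nil dereference panics in a goroutine that net/http's handler recovery does not cover, so the whole process dies on the very request this commit is meant to fix. A nil guard, a bounded context so Shutdown cannot wait forever on long-lived connections, and logging the returned error would make a failed restart observable instead of silent. The `context` identifier is not added by the import hunk above, so it must already be imported in control.go; `time` would also be needed for the bounded context if it is not already present. The enclosing function starts before this hunk.
```go
	if restartHTTPS {
		go func() {
			httpsServer.cond.Broadcast()
			// NOTE(review): confirm whether server can be nil here (HTTPS not yet started)
			if httpsServer.server == nil {
				return
			}
			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
			defer cancel()
			if err := httpsServer.server.Shutdown(ctx); err != nil {
				log.Printf("shutting down HTTPS server: %s", err)
			}
		}()
	}
```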