/tls/configure -- restart HTTPS server if settings changed
Fixes the new HTTPS certificate not being used after it is submitted.
This commit is contained in:
parent
f0569af367
commit
28df187012
14
config.go
14
config.go
|
@ -61,14 +61,18 @@ type dnsConfig struct {
|
||||||
|
|
||||||
var defaultDNS = []string{"tls://1.1.1.1", "tls://1.0.0.1"}
|
var defaultDNS = []string{"tls://1.1.1.1", "tls://1.0.0.1"}
|
||||||
|
|
||||||
// field ordering is important -- yaml fields will mirror ordering from here
|
type tlsConfigSettings struct {
|
||||||
type tlsConfig struct {
|
|
||||||
ServerName string `yaml:"server_name" json:"server_name,omitempty"`
|
ServerName string `yaml:"server_name" json:"server_name,omitempty"`
|
||||||
ForceHTTPS bool `yaml:"force_https" json:"force_https,omitempty"`
|
ForceHTTPS bool `yaml:"force_https" json:"force_https,omitempty"`
|
||||||
PortHTTPS int `yaml:"port_https" json:"port_https,omitempty"`
|
PortHTTPS int `yaml:"port_https" json:"port_https,omitempty"`
|
||||||
PortDNSOverTLS int `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"`
|
PortDNSOverTLS int `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"`
|
||||||
|
|
||||||
dnsforward.TLSConfig `yaml:",inline" json:",inline"`
|
dnsforward.TLSConfig `yaml:",inline" json:",inline"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// field ordering is important -- yaml fields will mirror ordering from here
|
||||||
|
type tlsConfig struct {
|
||||||
|
tlsConfigSettings `yaml:",inline" json:",inline"`
|
||||||
|
|
||||||
// only for API, no need to be stored in config
|
// only for API, no need to be stored in config
|
||||||
StatusCertificate string `yaml:"status_cert" json:"status_cert,omitempty"`
|
StatusCertificate string `yaml:"status_cert" json:"status_cert,omitempty"`
|
||||||
|
@ -97,8 +101,10 @@ var config = configuration{
|
||||||
UpstreamDNS: defaultDNS,
|
UpstreamDNS: defaultDNS,
|
||||||
},
|
},
|
||||||
TLS: tlsConfig{
|
TLS: tlsConfig{
|
||||||
PortHTTPS: 443,
|
tlsConfigSettings: tlsConfigSettings{
|
||||||
PortDNSOverTLS: 853, // needs to be passed through to dnsproxy
|
PortHTTPS: 443,
|
||||||
|
PortDNSOverTLS: 853, // needs to be passed through to dnsproxy
|
||||||
|
},
|
||||||
},
|
},
|
||||||
Filters: []filter{
|
Filters: []filter{
|
||||||
{Filter: dnsfilter.Filter{ID: 1}, Enabled: true, URL: "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt", Name: "AdGuard Simplified Domain Names filter"},
|
{Filter: dnsfilter.Filter{ID: 1}, Enabled: true, URL: "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt", Name: "AdGuard Simplified Domain Names filter"},
|
||||||
|
|
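Review bot: The comment `// field ordering is important -- yaml fields will mirror ordering from here` now sits above `tlsConfig`, but the ordered YAML fields it describes were moved into `tlsConfigSettings`, which is introduced with no comment at all. I would put above `type tlsConfigSettings struct {` the line `// tlsConfigSettings holds the TLS settings persisted to config; field ordering is important -- yaml fields will mirror ordering from here`, and above `type tlsConfig struct {` the line `// tlsConfig is tlsConfigSettings plus API-only status fields that are not stored in config`. That keeps the ordering warning next to the fields it actually constrains and tells a reader why the struct was split.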
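--- a/control.go
+++ b/control.go
@@ -13,6 +13,7 @@ import (
 	"net"
 	"net/http"
 	"os"
+	"reflect"
 	"sort"
 	"strconv"
 	"strings"
@@ -1076,9 +1077,21 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 		httpError(w, http.StatusBadRequest, "New TLS configuration does not validate: %s", err)
 		return
 	}
+	restartHTTPS := false
+	if !reflect.DeepEqual(config.TLS.tlsConfigSettings, data.tlsConfigSettings) {
+		log.Printf("tls config settings have changed, will restart HTTPS server")
+		restartHTTPS = true
+	}
 	config.TLS = data
-	httpsServer.cond.Broadcast()
 	httpUpdateConfigReloadDNSReturnOK(w, r)
+	// this needs to be done in a goroutine because Shutdown() is a blocking call, and it will block
+	// until all requests are finished, and _we_ are inside a request right now, so it will block indefinitely
+	if restartHTTPS {
+		go func() {
+			httpsServer.cond.Broadcast()
+			httpsServer.server.Shutdown(context.TODO())
+		}()
+	}
 }
 
 func validateCertificates(data tlsConfig) (tlsConfig, error) {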
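Review bot: The `Shutdown` result in the new goroutine is discarded and `context.TODO()` gives it no deadline, so a shutdown that fails or stalls on a long-lived connection leaves the old listener serving the old certificate with nothing in the logs; handleTLSConfigure begins before this hunk and the OK response has already been written by `httpUpdateConfigReloadDNSReturnOK`, so a log line is the only feedback left. I would bound the wait and record the outcome: `ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)` / `defer cancel()` / `if err := httpsServer.server.Shutdown(ctx); err != nil { log.Printf("HTTPS server shutdown: %s", err) }` (the timeout value is illustrative and `time` would need importing). If `httpsServer.server` can still be nil when HTTPS was not previously running, the goroutine would also panic; that state is not visible from this hunk, so it is worth confirming against the loop that waits on `httpsServer.cond`.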