/tls/configure -- restart HTTPS server if settings changed

Fixes the new HTTPS certificate not being used after it is submitted.
Eugene Bujak 2019-02-13 11:08:07 +03:00 committed by Eugene Bujak
parent f0569af367
commit 28df187012
2 changed files with 24 additions and 5 deletions


@ -61,14 +61,18 @@ type dnsConfig struct {
var defaultDNS = []string{"tls://1.1.1.1", "tls://1.0.0.1"} var defaultDNS = []string{"tls://1.1.1.1", "tls://1.0.0.1"}
// field ordering is important -- yaml fields will mirror ordering from here type tlsConfigSettings struct {
type tlsConfig struct {
ServerName string `yaml:"server_name" json:"server_name,omitempty"` ServerName string `yaml:"server_name" json:"server_name,omitempty"`
ForceHTTPS bool `yaml:"force_https" json:"force_https,omitempty"` ForceHTTPS bool `yaml:"force_https" json:"force_https,omitempty"`
PortHTTPS int `yaml:"port_https" json:"port_https,omitempty"` PortHTTPS int `yaml:"port_https" json:"port_https,omitempty"`
PortDNSOverTLS int `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"` PortDNSOverTLS int `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"`
dnsforward.TLSConfig `yaml:",inline" json:",inline"` dnsforward.TLSConfig `yaml:",inline" json:",inline"`
}
// field ordering is important -- yaml fields will mirror ordering from here
type tlsConfig struct {
tlsConfigSettings `yaml:",inline" json:",inline"`
// only for API, no need to be stored in config // only for API, no need to be stored in config
StatusCertificate string `yaml:"status_cert" json:"status_cert,omitempty"` StatusCertificate string `yaml:"status_cert" json:"status_cert,omitempty"`
@ -97,8 +101,10 @@ var config = configuration{
UpstreamDNS: defaultDNS, UpstreamDNS: defaultDNS,
}, },
TLS: tlsConfig{ TLS: tlsConfig{
PortHTTPS: 443, tlsConfigSettings: tlsConfigSettings{
PortDNSOverTLS: 853, // needs to be passed through to dnsproxy PortHTTPS: 443,
PortDNSOverTLS: 853, // needs to be passed through to dnsproxy
},
}, },
Filters: []filter{ Filters: []filter{
{Filter: dnsfilter.Filter{ID: 1}, Enabled: true, URL: "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt", Name: "AdGuard Simplified Domain Names filter"}, {Filter: dnsfilter.Filter{ID: 1}, Enabled: true, URL: "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt", Name: "AdGuard Simplified Domain Names filter"},
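Review bot: The new tlsConfigSettings type in the first hunk has no doc comment saying why it exists, even though the split is what the restart decision in handleTLSConfigure depends on (the reflect.DeepEqual compares only this embedded part). A future field added to tlsConfig instead of tlsConfigSettings would silently never trigger a restart, so the type should say so: `// tlsConfigSettings holds the TLS settings whose change requires the HTTPS server to be restarted; listener-affecting fields belong here, not in tlsConfig.` The "field ordering is important" comment now sits only above tlsConfig, but with `yaml:",inline"` the same constraint applies to the field order inside tlsConfigSettings, so it is worth repeating or moving there.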


@ -13,6 +13,7 @@ import (
"net" "net"
"net/http" "net/http"
"os" "os"
"reflect"
"sort" "sort"
"strconv" "strconv"
"strings" "strings"
@ -1076,9 +1077,21 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
httpError(w, http.StatusBadRequest, "New TLS configuration does not validate: %s", err) httpError(w, http.StatusBadRequest, "New TLS configuration does not validate: %s", err)
return return
} }
restartHTTPS := false
if !reflect.DeepEqual(config.TLS.tlsConfigSettings, data.tlsConfigSettings) {
log.Printf("tls config settings have changed, will restart HTTPS server")
restartHTTPS = true
}
config.TLS = data config.TLS = data
httpsServer.cond.Broadcast()
httpUpdateConfigReloadDNSReturnOK(w, r) httpUpdateConfigReloadDNSReturnOK(w, r)
// this needs to be done in a goroutine because Shutdown() is a blocking call, and it will block
// until all requests are finished, and _we_ are inside a request right now, so it will block indefinitely
if restartHTTPS {
go func() {
httpsServer.cond.Broadcast()
httpsServer.server.Shutdown(context.TODO())
}()
}
} }
func validateCertificates(data tlsConfig) (tlsConfig, error) { func validateCertificates(data tlsConfig) (tlsConfig, error) {
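Review bot: The goroutine at the end of handleTLSConfigure discards the error returned by `httpsServer.server.Shutdown(context.TODO())`, and if `httpsServer.server` can still be nil when no HTTPS listener was running (the first submission of a certificate, which is the case this commit fixes), the dereference panics inside a goroutine where nothing can recover it and the whole process exits. Guard and log instead: `if srv := httpsServer.server; srv != nil { if err := srv.Shutdown(context.TODO()); err != nil { log.Printf("HTTPS server shutdown: %s", err) } }`. A bounded context from `context.WithTimeout` would also keep the old listener from lingering indefinitely on long-lived connections, and the read of `httpsServer.server` from this goroutine appears unsynchronized with whatever goroutine replaces it after the restart, which a mutex or an atomic pointer would settle. The enclosing function starts outside the hunk.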