/tls/configure -- restart HTTPS server if settings changed
Fixes not using new HTTPS certificate after submitting it.
This commit is contained in:
parent
f0569af367
commit
28df187012
10
config.go
10
config.go
|
@ -61,14 +61,18 @@ type dnsConfig struct {
|
|||
|
||||
var defaultDNS = []string{"tls://1.1.1.1", "tls://1.0.0.1"}
|
||||
|
||||
// field ordering is important -- yaml fields will mirror ordering from here
|
||||
type tlsConfig struct {
|
||||
type tlsConfigSettings struct {
|
||||
ServerName string `yaml:"server_name" json:"server_name,omitempty"`
|
||||
ForceHTTPS bool `yaml:"force_https" json:"force_https,omitempty"`
|
||||
PortHTTPS int `yaml:"port_https" json:"port_https,omitempty"`
|
||||
PortDNSOverTLS int `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"`
|
||||
|
||||
dnsforward.TLSConfig `yaml:",inline" json:",inline"`
|
||||
}
|
||||
|
||||
// field ordering is important -- yaml fields will mirror ordering from here
|
||||
type tlsConfig struct {
|
||||
tlsConfigSettings `yaml:",inline" json:",inline"`
|
||||
|
||||
// only for API, no need to be stored in config
|
||||
StatusCertificate string `yaml:"status_cert" json:"status_cert,omitempty"`
|
||||
|
@ -97,9 +101,11 @@ var config = configuration{
|
|||
UpstreamDNS: defaultDNS,
|
||||
},
|
||||
TLS: tlsConfig{
|
||||
tlsConfigSettings: tlsConfigSettings{
|
||||
PortHTTPS: 443,
|
||||
PortDNSOverTLS: 853, // needs to be passed through to dnsproxy
|
||||
},
|
||||
},
|
||||
Filters: []filter{
|
||||
{Filter: dnsfilter.Filter{ID: 1}, Enabled: true, URL: "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt", Name: "AdGuard Simplified Domain Names filter"},
|
||||
{Filter: dnsfilter.Filter{ID: 2}, Enabled: false, URL: "https://adaway.org/hosts.txt", Name: "AdAway"},
|
||||
|
|
15
control.go
15
control.go
|
@ -13,6 +13,7 @@ import (
|
|||
"net"
|
||||
"net/http"
|
||||
"os"
|
||||
"reflect"
|
||||
"sort"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
@ -1076,9 +1077,21 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
|
|||
httpError(w, http.StatusBadRequest, "New TLS configuration does not validate: %s", err)
|
||||
return
|
||||
}
|
||||
restartHTTPS := false
|
||||
if !reflect.DeepEqual(config.TLS.tlsConfigSettings, data.tlsConfigSettings) {
|
||||
log.Printf("tls config settings have changed, will restart HTTPS server")
|
||||
restartHTTPS = true
|
||||
}
|
||||
config.TLS = data
|
||||
httpsServer.cond.Broadcast()
|
||||
httpUpdateConfigReloadDNSReturnOK(w, r)
|
||||
// this needs to be done in a goroutine because Shutdown() is a blocking call, and it will block
|
||||
// until all requests are finished, and _we_ are inside a request right now, so it will block indefinitely
|
||||
if restartHTTPS {
|
||||
go func() {
|
||||
httpsServer.cond.Broadcast()
|
||||
httpsServer.server.Shutdown(context.TODO())
|
||||
}()
|
||||
}
|
||||
}
|
||||
|
||||
func validateCertificates(data tlsConfig) (tlsConfig, error) {
|
||||
|
|
Loading…
Reference in New Issue