You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ml...@apache.org on 2023/03/22 20:38:52 UTC
[cloudstack] branch main updated: Support Jetty's live cert reload on HTTPS frontend (#7355)
This is an automated email from the ASF dual-hosted git repository.
mlsorensen pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/main by this push:
new 9ca5f287eb4 Support Jetty's live cert reload on HTTPS frontend (#7355)
9ca5f287eb4 is described below
commit 9ca5f287eb4ad6c136fa49a8f752ff0a535bf088
Author: Marcus Sorensen <ma...@apple.com>
AuthorDate: Wed Mar 22 14:38:43 2023 -0600
Support Jetty's live cert reload on HTTPS frontend (#7355)
* Support Jetty's live cert reload
Signed-off-by: Marcus Sorensen <ml...@apple.com>
* Update ServerDaemon.java
---------
Signed-off-by: Marcus Sorensen <ml...@apple.com>
Co-authored-by: Marcus Sorensen <ml...@apple.com>
---
client/src/main/java/org/apache/cloudstack/ServerDaemon.java | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/client/src/main/java/org/apache/cloudstack/ServerDaemon.java b/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
index 08f856655dc..63cdc45b8dc 100644
--- a/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
+++ b/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
@@ -45,6 +45,7 @@ import org.eclipse.jetty.server.handler.MovedContextHandler;
import org.eclipse.jetty.server.handler.RequestLogHandler;
import org.eclipse.jetty.server.handler.gzip.GzipHandler;
import org.eclipse.jetty.server.session.SessionHandler;
+import org.eclipse.jetty.util.ssl.KeyStoreScanner;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.util.thread.ScheduledExecutorScheduler;
@@ -241,6 +242,14 @@ public class ServerDaemon implements Daemon {
sslConnector.setPort(httpsPort);
sslConnector.setHost(bindInterface);
server.addConnector(sslConnector);
+
+ // add scanner to auto-reload certs
+ try {
+ KeyStoreScanner scanner = new KeyStoreScanner(sslContextFactory);
+ server.addBean(scanner);
+ } catch (Exception ex) {
+ LOG.error("failed to set up keystore scanner, manual refresh of certificates will be required", ex);
+ }
}
}