Posted to commits@cloudstack.apache.org by ml...@apache.org on 2023/03/22 20:38:52 UTC

[cloudstack] branch main updated: Support Jetty's live cert reload on HTTPS frontend (#7355)

This is an automated email from the ASF dual-hosted git repository.

mlsorensen pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/main by this push:
     new 9ca5f287eb4 Support Jetty's live cert reload on HTTPS frontend (#7355)
9ca5f287eb4 is described below

commit 9ca5f287eb4ad6c136fa49a8f752ff0a535bf088
Author: Marcus Sorensen <ma...@apple.com>
AuthorDate: Wed Mar 22 14:38:43 2023 -0600

    Support Jetty's live cert reload on HTTPS frontend (#7355)
    
    * Support Jetty's live cert reload
    
    Signed-off-by: Marcus Sorensen <ml...@apple.com>
    
    * Update ServerDaemon.java
    
    ---------
    
    Signed-off-by: Marcus Sorensen <ml...@apple.com>
    Co-authored-by: Marcus Sorensen <ml...@apple.com>
---
 client/src/main/java/org/apache/cloudstack/ServerDaemon.java | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/client/src/main/java/org/apache/cloudstack/ServerDaemon.java b/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
index 08f856655dc..63cdc45b8dc 100644
--- a/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
+++ b/client/src/main/java/org/apache/cloudstack/ServerDaemon.java
@@ -45,6 +45,7 @@ import org.eclipse.jetty.server.handler.MovedContextHandler;
 import org.eclipse.jetty.server.handler.RequestLogHandler;
 import org.eclipse.jetty.server.handler.gzip.GzipHandler;
 import org.eclipse.jetty.server.session.SessionHandler;
+import org.eclipse.jetty.util.ssl.KeyStoreScanner;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
 import org.eclipse.jetty.util.thread.QueuedThreadPool;
 import org.eclipse.jetty.util.thread.ScheduledExecutorScheduler;
@@ -241,6 +242,14 @@ public class ServerDaemon implements Daemon {
             sslConnector.setPort(httpsPort);
             sslConnector.setHost(bindInterface);
             server.addConnector(sslConnector);
+
+            // add scanner to auto-reload certs
+            try {
+                KeyStoreScanner scanner = new KeyStoreScanner(sslContextFactory);
+                server.addBean(scanner);
+            } catch (Exception ex) {
+                LOG.error("failed to set up keystore scanner, manual refresh of certificates will be required", ex);
+            }
         }
     }
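Review bot: The comment `// add scanner to auto-reload certs` does not record the trust change this block introduces: once the scanner bean is registered, anyone who can write to the keystore file can replace the running server's HTTPS key and certificate without a restart. I would say so in the comment, e.g. `// Reload TLS key material when the keystore file changes; the keystore and its directory must be writable only by the account that runs this daemon`. The success path is silent, so an operator cannot tell from the log whether live reload is active; a line such as `LOG.info("keystore scanner enabled, certificate changes are applied without restart");` after `server.addBean(scanner)` would make that visible. The scanner presumably reloads with the keystore password already set on `sslContextFactory`, so a rotated keystore would need to keep that password, which is worth confirming and documenting. The factory is configured above this hunk, where the enclosing method also begins.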