add listener to watch cert changes

mrhaoxx · Feb 5, 2024 · 236b2ea · 236b2ea
1 parent 7a6f4e5
commit 236b2ea
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 1 deletion.
diff --git a/go.mod b/go.mod
@@ -5,10 +5,15 @@ go 1.20
 require (
  github.com/andybalholm/brotli v1.1.0
  github.com/dlclark/regexp2 v1.10.0
+ github.com/fsnotify/fsnotify v1.7.0
  github.com/pires/go-proxyproto v0.7.0
  golang.org/x/crypto v0.18.0
  golang.org/x/net v0.20.0
  gopkg.in/yaml.v3 v3.0.1
+
 )
 
-require golang.org/x/text v0.14.0 // indirect
+require (
+ golang.org/x/sys v0.16.0 // indirect
+ golang.org/x/text v0.14.0 // indirect
+)
diff --git a/go.sum b/go.sum
@@ -2,12 +2,16 @@ github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1
 github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
 github.com/dlclark/regexp2 v1.10.0 h1:+/GIL799phkJqYW+3YbOd8LCcbHzT0Pbo8zl70MHsq0=
 github.com/dlclark/regexp2 v1.10.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/pires/go-proxyproto v0.7.0 h1:IukmRewDQFWC7kfnb66CSomk2q/seBuilHBYFwyq0Hs=
 github.com/pires/go-proxyproto v0.7.0/go.mod h1:Vz/1JPY/OACxWGQNIRY2BeyDmpoaWmEP40O9LbuiFR4=
 golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
 golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=

diff --git a/ui/myservice.go b/ui/myservice.go
@@ -6,13 +6,15 @@ import (
  "os"
  "strconv"
  "strings"
+ "time"
 
  "github.com/mrhaoxx/OpenNG/auth"
  "github.com/mrhaoxx/OpenNG/http"
  "github.com/mrhaoxx/OpenNG/log"
  "github.com/mrhaoxx/OpenNG/tcp"
  "github.com/mrhaoxx/OpenNG/tls"
 
+ "github.com/fsnotify/fsnotify"
  "gopkg.in/yaml.v3"
 )
 
@@ -154,10 +156,58 @@ func LoadCfg(cfgs []byte) error {
  os.Exit(-1)
  }
 
+ watcher, err := fsnotify.NewWatcher()
+
+ if err != nil {
+ log.Println("sys", "tls", "watch", err)
+ } else {
+ go func() {
+ var lastReload = time.Now()
+ for {
+ select {
+ case event, ok := <-watcher.Events:
+ if !ok {
+ return
+ }
+ if event.Has(fsnotify.Write) {
+ if lastReload.Add(5 * time.Second).After(time.Now()) {
+ continue
+ }
+ lastReload = time.Now()
+ log.Println("sys", "tls", "watch", "modified", event.Name)
+ time.Sleep(2 * time.Second)
+ TlsMgr.ResetCertificates()
+
+ for _, c := range cfg.TLS.Certificates {
+ log.Println("sys", "tls", "Reload certificate", c.CertFile)
+ TlsMgr.LoadCertificate(c.CertFile, c.KeyFile)
+ }
+ }
+ case err, ok := <-watcher.Errors:
+ if !ok {
+ return
+ }
+ log.Println("sys", "tls", "watch", err)
+ }
+ }
+ }()
+ }
+
  for _, c := range cfg.TLS.Certificates {
  log.Println("sys", "tls", "Found certificate", c.CertFile)
 
  err = TlsMgr.LoadCertificate(c.CertFile, c.KeyFile)
+ if err != nil {
+ break
+ }
+ if watcher != nil {
+ err = watcher.Add(c.CertFile)
+ if err != nil {
+ log.Println("sys", "tls", "watch", "failed to watch:", c.CertFile, err)
+ } else {
+ log.Println("sys", "tls", "watch", c.CertFile)
+ }
+ }
  }
 
  if err != nil {