/tls/configure -- restart HTTPS server if settings changed

Fixes the new HTTPS certificate not being used after it is submitted.
Eugene Bujak 2019-02-13 11:08:07 +03:00 committed by Eugene Bujak
parent f0569af367
commit 28df187012
2 changed files with 24 additions and 5 deletions


@ -61,14 +61,18 @@ type dnsConfig struct {
var defaultDNS = []string{"tls://1.1.1.1", "tls://1.0.0.1"}
// field ordering is important -- yaml fields will mirror ordering from here
type tlsConfig struct {
type tlsConfigSettings struct {
ServerName string `yaml:"server_name" json:"server_name,omitempty"`
ForceHTTPS bool `yaml:"force_https" json:"force_https,omitempty"`
PortHTTPS int `yaml:"port_https" json:"port_https,omitempty"`
PortDNSOverTLS int `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"`
dnsforward.TLSConfig `yaml:",inline" json:",inline"`
}
// field ordering is important -- yaml fields will mirror ordering from here
type tlsConfig struct {
tlsConfigSettings `yaml:",inline" json:",inline"`
// only for API, no need to be stored in config
StatusCertificate string `yaml:"status_cert" json:"status_cert,omitempty"`
@ -97,8 +101,10 @@ var config = configuration{
UpstreamDNS: defaultDNS,
},
TLS: tlsConfig{
PortHTTPS: 443,
PortDNSOverTLS: 853, // needs to be passed through to dnsproxy
tlsConfigSettings: tlsConfigSettings{
PortHTTPS: 443,
PortDNSOverTLS: 853, // needs to be passed through to dnsproxy
},
},
Filters: []filter{
{Filter: dnsfilter.Filter{ID: 1}, Enabled: true, URL: "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt", Name: "AdGuard Simplified Domain Names filter"},
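Review bot: The new `tlsConfigSettings` type in the first hunk gets no doc comment, so a reader of this file cannot tell why it was split out of `tlsConfig`; the reason is only visible in the other file, where handleTLSConfigure compares it with reflect.DeepEqual to decide whether to restart the HTTPS server. I would replace the `// field ordering is important` line that now sits above `type tlsConfigSettings struct {` with `// tlsConfigSettings holds the persisted TLS settings that are compared as a unit; any change triggers an HTTPS restart (see handleTLSConfigure). Field ordering is important -- yaml fields mirror it.` Since dnsforward.TLSConfig is inlined into the settings struct, everything it carries (apparently including the certificate material, given the commit message) takes part in that comparison, so a later addition of a derived or non-comparable field there would produce spurious restarts; worth a one-line comment on the embedded field. The `tlsConfig` struct definition in the first hunk continues past the hunk, and the hunk appears to have lost its blank lines in rendering.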


@ -13,6 +13,7 @@ import (
"net"
"net/http"
"os"
"reflect"
"sort"
"strconv"
"strings"
@ -1076,9 +1077,21 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
httpError(w, http.StatusBadRequest, "New TLS configuration does not validate: %s", err)
return
}
restartHTTPS := false
if !reflect.DeepEqual(config.TLS.tlsConfigSettings, data.tlsConfigSettings) {
log.Printf("tls config settings have changed, will restart HTTPS server")
restartHTTPS = true
}
config.TLS = data
httpsServer.cond.Broadcast()
httpUpdateConfigReloadDNSReturnOK(w, r)
// this needs to be done in a goroutine because Shutdown() is a blocking call, and it will block
// until all requests are finished, and _we_ are inside a request right now, so it will block indefinitely
if restartHTTPS {
go func() {
httpsServer.cond.Broadcast()
httpsServer.server.Shutdown(context.TODO())
}()
}
}
func validateCertificates(data tlsConfig) (tlsConfig, error) {
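Review bot: In the second hunk, the goroutine at the end of handleTLSConfigure calls `httpsServer.server.Shutdown(context.TODO())` with no deadline and discards its error, so a single client holding a long-running request keeps the old server, and the old certificate, serving indefinitely, and a shutdown failure is never logged. The shutdown should run under a bounded context and report its error, as below (the `time` import may be needed if the file does not already have it). `config.TLS = data` is also written on the request goroutine without any visible lock while `httpsServer.cond` implies a mutex-protected waiter elsewhere; if that waiter reads config.TLS under cond.L, this write belongs under the same lock, which I cannot confirm from this hunk. Likewise, if `httpsServer.server` can be nil when HTTPS was previously disabled, the Shutdown call would panic and needs a nil check; the surrounding definitions are outside the hunk.
```go
	if restartHTTPS {
		go func() {
			httpsServer.cond.Broadcast()
			// Bound the drain so a lingering client cannot keep the old server
			// (and the old certificate) alive indefinitely.
			ctx, cancel := context.WithTimeout(context.Background(), httpsShutdownTimeout) // placeholder: choose a duration
			defer cancel()
			if err := httpsServer.server.Shutdown(ctx); err != nil {
				log.Printf("HTTPS server shutdown: %s", err)
			}
		}()
	}
```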