Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue #5019 - hot-reload SSL certificates if keystore file changed #5042

Merged
merged 12 commits into from
Jul 15, 2020
Merged

Issue #5019 - hot-reload SSL certificates if keystore file changed #5042

merged 12 commits into from
Jul 15, 2020

Conversation

lachlan-roberts
Copy link
Contributor

Issue #5019

Added an ssl-reload module which uses Scanner to monitor the keystore file registered with the SslContextFactory and reloads the keystore file if it detects any changes.

@lachlan-roberts lachlan-roberts requested a review from sbordet July 13, 2020 04:28
@sbordet
Copy link
Contributor

sbordet commented Jul 13, 2020

@lachlan-roberts please redo this PR as follows:

  • remove the Maven module jetty-ssl-reload as it is only 1 class
  • move the Jetty module jetty-ssl-reload.mod to Maven module jetty-server, where the other SSL Jetty modules are
  • class and test cases should be in jetty-util.
  • add a test where the keyStore file is a symlink and change the target of the symlink

sbordet
sbordet requested changes Jul 13, 2020
View reviewed changes
Copy link
Contributor

@sbordet sbordet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See PR comment.

@lachlan-roberts lachlan-roberts requested a review from sbordet July 13, 2020 14:56
@lachlan-roberts
Copy link
Contributor Author

  • remove the Maven module jetty-ssl-reload as it is only 1 class
  • move the Jetty module jetty-ssl-reload.mod to Maven module jetty-server, where the other SSL Jetty modules are
  • class and test cases should be in jetty-util.
  • add a test where the keyStore file is a symlink and change the target of the symlink

@sbordet I did all these, but moved the tests to test-integration as it needed a Server dependency. Maybe there is a better location for this.

joakime
joakime requested changes Jul 13, 2020
View reviewed changes
Copy link
Contributor

@joakime joakime left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some small changes.

jetty-server/src/main/config/modules/ssl-reload.mod Outdated Show resolved Hide resolved
jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslKeyStoreScanner.java Outdated Show resolved Hide resolved
jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslKeyStoreScanner.java Outdated Show resolved Hide resolved
@lachlan-roberts
changes from review
a83844d 
Signed-off-by: Lachlan Roberts <[email protected]>
sbordet
sbordet requested changes Jul 14, 2020
View reviewed changes
Copy link
Contributor

@sbordet sbordet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add some documentation in configuring-ssl.adoc.

jetty-util/src/main/java/org/eclipse/jetty/util/ssl/KeyStoreScanner.java Show resolved Hide resolved
jetty-server/src/main/config/etc/jetty-ssl-context-reload.xml Outdated Show resolved Hide resolved
@lachlan-roberts lachlan-roberts requested a review from sbordet July 15, 2020 01:26
@lachlan-roberts lachlan-roberts mentioned this pull request Jul 15, 2020
Merged
sbordet
sbordet approved these changes Jul 15, 2020
View reviewed changes
Copy link
Contributor

@sbordet sbordet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add *.adoc documentation as well.

jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java Outdated Show resolved Hide resolved
@lachlan-roberts lachlan-roberts merged commit bbb0f66 into jetty-9.4.x Jul 15, 2020
@lachlan-roberts lachlan-roberts deleted the jetty-9.4.x-5019-SslReload branch July 15, 2020 23:09
This was referenced Jul 15, 2020
Closed
Closed
@mantryashutosh
Copy link

Does the hot reload work if the keystore file is a soft link ?

@joakime
Copy link
Contributor

joakime commented Sep 25, 2020

I wouldn't expect it to, as the soft link itself wasn't updated, meaning there's no file change (last modified) detectable.

@lachlan-roberts
Copy link
Contributor Author

@mantryashutosh it should still work if the keystore file is a soft link, we even have a test for this at KeyStoreScannerTest.testReloadChangingTargetOfSymbolicLink().

@mantryashutosh
Copy link

that's great, thank you so much @lachlan-roberts . Will test it out

@mh013370 mh013370 mentioned this pull request Sep 1, 2022
Closed
6 tasks
@mlsorensen mlsorensen mentioned this pull request Mar 21, 2023
Merged
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sbordet sbordet sbordet approved these changes

@joakime joakime Awaiting requested review from joakime

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lachlan-roberts @sbordet @mantryashutosh @joakime