@@ 4,10 4,10 @@ import (
"crypto/tls"
"log"
"net/http"
- "path/filepath"
+ "os"
+ "os/signal"
"sync"
-
- "github.com/fsnotify/fsnotify"
+ "syscall"
)
type keypairReloader struct {
@@ 17,7 17,7 @@ type keypairReloader struct {
keyPath string
}
-func NewKeypairReloader(certPath, keyPath string) (*keypairReloader, error) {
+func newKeypairReloader(certPath, keyPath string) (*keypairReloader, error) {
result := &keypairReloader{
certPath: certPath,
keyPath: keyPath,
@@ 27,32 27,16 @@ func NewKeypairReloader(certPath, keyPath string) (*keypairReloader, error) {
return nil, err
}
result.cert = &cert
- watcher, err := fsnotify.NewWatcher()
- if err != nil {
- log.Fatal(err)
- }
- defer watcher.Close()
go func() {
- for {
- select {
- case event, ok := <-watcher.Events:
- if !ok {
- return
- }
- log.Printf("INFO: File modified %s, reloading TLS certificate and key from %q and %q", event.Name, certPath, keyPath)
- if err := result.maybeReload(); err != nil {
- log.Printf("ERROR: Keeping old TLS certificate because the new one could not be loaded: %v", err)
- }
- case err, ok := <-watcher.Errors:
- if !ok {
- return
- }
- log.Println("ERROR:", err)
+ c := make(chan os.Signal, 1)
+ signal.Notify(c, syscall.SIGHUP)
+ for range c {
+ log.Printf("INFO: Received SIGHUP, reloading TLS certificate and key from %q and %q", certPath, keyPath)
+ if err := result.maybeReload(); err != nil {
+ log.Printf("ERROR: Keeping old TLS certificate because the new one could not be loaded: %v", err)
}
}
}()
- log.Printf("INFO: watching tls cerst at: %s", filepath.Dir(certPath))
- watcher.Add(filepath.Dir(certPath))
return result, nil
}
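Review bot: Nothing on `newKeypairReloader` says that reloads are now manual: with the watcher removed, a certificate or key replaced on disk is picked up only when the process receives SIGHUP, so a rotation job that does not signal the process leaves the old (possibly expired or revoked) pair being served. I would add a doc comment along the lines of `// newKeypairReloader loads the key pair once and reloads it only on SIGHUP; whatever rotates the files must signal the process.` The goroutine also has no stop path: `signal.Notify(c, syscall.SIGHUP)` is never paired with `signal.Stop(c)`, so each call keeps a handler and a goroutine for the life of the process. Registering the handler also means SIGHUP no longer terminates the program by default. The function's opening lines, including the initial load, sit outside this hunk.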
@@ 77,7 61,7 @@ func (kpr *keypairReloader) GetCertificateFunc() func(*tls.ClientHelloInfo) (*tl
func WithKeyPairReloader(certPath, keyPath string) func(*http.Server) {
return func(srv *http.Server) {
- kpr, err := NewKeypairReloader(certPath, keyPath)
+ kpr, err := newKeypairReloader(certPath, keyPath)
if err != nil {
log.Fatal(err)
}