This repository has been archived by the owner on May 6, 2020. It is now read-only.

proposal: atomic cert update #1223

Open
deis-admin opened this issue Jan 19, 2017 · 2 comments

@deis-admin

From @szymonpk on September 29, 2015 11:29

There is no way to do an 'atomic' certificate update. If I do `deis certs:remove tld.com && deis certs:add tld.crt tld.key`, the cert is changed on the routers' disk but nginx isn't restarted. It's required to have a few minutes' pause between each command or do some strange workarounds (restart routers by hand, or add/remove certs for other apps where downtime is acceptable, then the configuration is reloaded as one).

I'm not sure which component should be modified to achieve this. Can the controller instrument routers (request a certificate refresh)?

Copied from original issue: deis/deis#4544

@deis-admin
Author

From @krancour on October 1, 2015 11:30

Possibly the controller could be modified to publish an additional etcd key corresponding to each cert. The value of that key could be a hash or fingerprint of the cert. This would be updated as certs are added/modified. On the router side, where the cert is used in the nginx config, the value of that etcd key could be included (using confd as usual) as a comment. The overall effect would be that when a cert is updated, a corresponding change to the nginx config also happens automatically, which would also trigger confd to reload nginx config.
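
The mechanism proposed in the comment above, modeled as an added example (not part of the thread and not Deis code): a dict stands in for etcd and a small class mimics confd's "reload only when the rendered file changes" behaviour. The key names, file paths and template are hypothetical, and the certificates are constructed placeholders.

```python
import hashlib
import ssl

# Hypothetical nginx server block as a confd-style template. The cert paths never
# change across a rotation, so only the fingerprint comment can alter the output.
TEMPLATE = """server {{
    server_name {domain};
    # cert-fingerprint: {fingerprint}
    ssl_certificate /etc/ssl/example/{domain}.crt;
    ssl_certificate_key /etc/ssl/example/{domain}.key;
}}
"""

def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes of the public cert; the private key is never hashed."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

class Controller:
    """Publishes certs to a dict standing in for etcd (key names are hypothetical)."""
    def __init__(self, store, publish_fingerprint):
        self.store, self.publish_fingerprint = store, publish_fingerprint

    def add_cert(self, domain, pem):
        self.store[f"/certs/{domain}/cert"] = pem
        if self.publish_fingerprint:
            self.store[f"/certs/{domain}/fingerprint"] = fingerprint(pem)

class Router:
    """Mimics confd: render the template, reload nginx only if the text changed."""
    def __init__(self, store):
        self.store, self.rendered, self.reloads = store, None, 0

    def sync(self, domain):
        fp = self.store.get(f"/certs/{domain}/fingerprint", "")
        text = TEMPLATE.format(domain=domain, fingerprint=fp)
        if text != self.rendered:
            self.rendered = text
            self.reloads += 1  # confd would run its reload_cmd here
        return self.reloads

def reloads_after_rotation(publish_fingerprint: bool) -> int:
    """Install a cert, rotate it, and return how many times nginx was reloaded."""
    store = {}
    ctl, router = Controller(store, publish_fingerprint), Router(store)
    old = ssl.DER_cert_to_PEM_cert(b"constructed cert v1")  # constructed placeholder
    new = ssl.DER_cert_to_PEM_cert(b"constructed cert v2")  # constructed placeholder
    ctl.add_cert("tld.com", old)
    router.sync("tld.com")
    ctl.add_cert("tld.com", new)
    return router.sync("tld.com")
```

Without the fingerprint key the rotated cert produces an identical rendered config and nginx keeps serving the old cert from memory; with it, the rotation changes the rendered text and triggers a reload.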

@Cryptophobia
Contributor

This issue was moved to teamhephy/controller#35
