README
¶
certreloader
Reload X.509 certificate / private key periodically.
Documentation
¶
Overview ¶
Package certreloader implements a periodic X.509 certificate reloader.
Example ¶
package main
import (
"crypto/tls"
"log"
"net/http"
"time"
"github.com/zhangyoufu/certreloader"
)
func main() {
const (
listenAddr = "localhost:8443"
certPath = "path/to/fullchain.pem"
keyPath = "path/to/privkey.pem"
reloadInterval = 5 * time.Minute
)
reloader, err := certreloader.New(certPath, keyPath, reloadInterval)
if err != nil {
// unable to load certificate / private key
log.Fatal(err)
}
server := http.Server{
Addr: listenAddr,
TLSConfig: &tls.Config{
GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
return reloader.Get(), nil
},
},
}
err = server.ListenAndServeTLS("", "")
log.Fatal(err)
}
Output:
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Reloader ¶
type Reloader struct {
// contains filtered or unexported fields
}
Reloader converts X.509 certificate and private key in PEM format to tls.Certificate. It periodically checks their contents in background, and tries to reload atomically when changes were detected. Reload failure will be logged and will not break previously loaded one.
func New ¶
New return a new Reloader. The path to certificate / private key will be converted to absolute form internally. If any error happened during the first reload, New will return a nil Reloader and non-nil error.
func (*Reloader) Get ¶
func (r *Reloader) Get() *tls.Certificate
Get currently loaded tls.Certificate.
Source Files
Click to show internal directories.
Click to hide internal directories.