Reload listeners if ssl configs have changed #2118

Open
wants to merge 1 commit into
base: master
from


@TylerLubeck
Contributor

commented Sep 26, 2019

Hi!

I'm doing some work with certificate rotation, and it would be useful to be able to reload gunicorn when ssl configurations have changed.

The more interesting part is reloading gunicorn if the contents of the various certificate files have changed. This allows us to automate the process of certificate rotation - we have a separate process that creates new certificate bundles and puts them in a standard location and then signals other applications to reload them.

Let me know what you think?

@TylerLubeck changed the title from "3Reload listeners if ssl configs have changed" to "Reload listeners if ssl configs have changed" on Sep 26, 2019
@tilgovi

Collaborator

commented Oct 10, 2019

Does Python cache the certfile argument? Gunicorn calls the deprecated wrap_socket() method (there is issue #1140 about switching to SSLContext) with the certfile and keyfile arguments when a client connects. At the very least, I would expect spawning new workers to use a new certificate even if each worker caches the certificate by filename between client accepts.
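The content-based reload trigger described in the opening comment, sketched as an added example that is not code from this pull request or from gunicorn. `fingerprint`, `CertWatcher`, `demo` and the file names are hypothetical; it compares file contents rather than paths or modification times and holds off while a rotated bundle is incomplete.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(paths):
    """SHA-256 of each configured file's contents; None if it cannot be read."""
    digests = {}
    for name, path in paths.items():
        try:
            digests[name] = hashlib.sha256(Path(path).read_bytes()).hexdigest()
        except OSError:
            digests[name] = None  # e.g. file missing while a rotation is under way
    return digests


class CertWatcher:
    """Hypothetical helper that decides whether TLS listeners need a reload."""

    def __init__(self, paths):
        # paths maps file settings such as certfile and keyfile to their locations
        self.paths = dict(paths)
        self.seen = fingerprint(self.paths)

    def changed(self):
        current = fingerprint(self.paths)
        if None in current.values() or current == self.seen:
            return False  # incomplete bundle or nothing new: keep current listeners
        self.seen = current
        return True


def demo():
    """Constructed rotation sequence; file contents are placeholders, not PEM."""
    with tempfile.TemporaryDirectory() as tmp:
        cert, key = Path(tmp, "tls.crt"), Path(tmp, "tls.key")
        cert.write_bytes(b"cert-v1")
        key.write_bytes(b"key-v1")
        watcher = CertWatcher({"certfile": cert, "keyfile": key})
        steps = [watcher.changed()]      # nothing rotated yet
        key.unlink()                     # rotation in progress, key not written yet
        steps.append(watcher.changed())
        cert.write_bytes(b"cert-v2")
        key.write_bytes(b"key-v2")
        steps.append(watcher.changed())  # complete new bundle in place
        steps.append(watcher.changed())  # already picked up
        return steps


if __name__ == "__main__":
    print(demo())
```

The check only confirms that every configured file is readable and that something changed; it does not verify that the new certificate and key belong together.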
