
[Feature] Headscale TLS reload on SIGHUP #3027

@racterub


Use case

I have a pipeline dedicated to managing all of my certificates and deploying them to the remote server via Ansible.
Headscale then uses the deployed certificate with tls_cert_path and tls_key_path.

Description

Headscale currently only reloads the ACL when receiving SIGHUP, whereas normally the certificate should also be reloaded (e.g. nginx).
As a result, whenever my certificate is renewed, the new certificate is not served by Headscale.

Contribution

  • I can write the design doc for this feature
  • I can contribute this feature

How can it be implemented?

Adjust the TLSConfig when using "Bring your own certificate" to use the GetCertificate callback function. [ref]
A similar implementation can also be seen in autocert [ref]

Ideally we also need to take good care of the ongoing connections using the old certificate?

Labels: enhancement (New feature or request)
