Idea #13446
Updated by Tom Clegg over 6 years ago
Background: Clients (including keepproxy) already have TLS support -- otherwise, they wouldn't be able to connect to keepproxy in a typical setup. However, keepstore itself does not have built-in support for TLS, and setting up Nginx alongside each keepstore is a burden.

* Load certificate and key from configured location (e.g., /var/lib/acme/live/...) at startup
  * If cert+key cannot be loaded, error out
* Reload cert+key if SIGHUP is received (acmetool or something similar will be refreshing certs)
  * If cert+key cannot be loaded, log a warning and continue using old cert+key

https://blog.gopheracademy.com/advent-2016/exposing-go-on-the-internet/