mirror of https://git.kore.io/kore.git
cffb7ec379
This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option. |
||
|---|---|---|
| .. | ||
| conf | ||
| src | ||
| .gitignore | ||
| README.md | ||
README.md
Kore message framework example
Run:
# kodev run
Test:
Perform a simple GET request against the root page.
This should trigger the example app to send a message
to the other workers which will display it.
# curl -k https://127.0.0.1:8888