diff options
author | Amber Brown <hawkowl@atleastfornow.net> | 2019-01-30 11:00:02 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-30 11:00:02 +0000 |
commit | f6813919e8bc8245e5353700bfd4bef338ecbce6 (patch) | |
tree | a39eaceec2c2fc03a307582d08c151367c50fc36 /synapse/app/homeserver.py | |
parent | Add a caching layer to .well-known responses (#4516) (diff) | |
download | synapse-f6813919e8bc8245e5353700bfd4bef338ecbce6.tar.xz |
SIGHUP for TLS cert reloading (#4495)
Diffstat (limited to 'synapse/app/homeserver.py')
-rwxr-xr-x | synapse/app/homeserver.py | 51 |
1 files changed, 46 insertions, 5 deletions
diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py index ffc49d77cc..019b91576f 100755 --- a/synapse/app/homeserver.py +++ b/synapse/app/homeserver.py @@ -17,6 +17,7 @@ import gc import logging import os +import signal import sys import traceback @@ -27,6 +28,7 @@ from prometheus_client import Gauge from twisted.application import service from twisted.internet import defer, reactor +from twisted.protocols.tls import TLSMemoryBIOFactory from twisted.web.resource import EncodingResourceWrapper, NoResource from twisted.web.server import GzipEncoderFactory from twisted.web.static import File @@ -84,6 +86,7 @@ def gz_wrap(r): class SynapseHomeServer(HomeServer): DATASTORE_CLASS = DataStore + _listening_services = [] def _listener_http(self, config, listener_config): port = listener_config["port"] @@ -121,7 +124,7 @@ class SynapseHomeServer(HomeServer): root_resource = create_resource_tree(resources, root_resource) if tls: - listen_ssl( + return listen_ssl( bind_addresses, port, SynapseSite( @@ -135,7 +138,7 @@ class SynapseHomeServer(HomeServer): ) else: - listen_tcp( + return listen_tcp( bind_addresses, port, SynapseSite( @@ -146,7 +149,6 @@ class SynapseHomeServer(HomeServer): self.version_string, ) ) - logger.info("Synapse now listening on port %d", port) def _configure_named_resource(self, name, compress=False): """Build a resource map for a named resource @@ -242,7 +244,9 @@ class SynapseHomeServer(HomeServer): for listener in config.listeners: if listener["type"] == "http": - self._listener_http(config, listener) + self._listening_services.extend( + self._listener_http(config, listener) + ) elif listener["type"] == "manhole": listen_tcp( listener["bind_addresses"], @@ -322,7 +326,19 @@ def setup(config_options): # generating config files and shouldn't try to continue. sys.exit(0) - synapse.config.logger.setup_logging(config, use_worker_options=False) + sighup_callbacks = [] + synapse.config.logger.setup_logging( + config, + use_worker_options=False, + register_sighup=sighup_callbacks.append + ) + + def handle_sighup(*args, **kwargs): + for i in sighup_callbacks: + i(*args, **kwargs) + + if hasattr(signal, "SIGHUP"): + signal.signal(signal.SIGHUP, handle_sighup) events.USE_FROZEN_DICTS = config.use_frozen_dicts @@ -359,6 +375,31 @@ def setup(config_options): hs.setup() + def refresh_certificate(*args): + """ + Refresh the TLS certificates that Synapse is using by re-reading them + from disk and updating the TLS context factories to use them. + """ + logging.info("Reloading certificate from disk...") + hs.config.read_certificate_from_disk() + hs.tls_server_context_factory = context_factory.ServerContextFactory(config) + hs.tls_client_options_factory = context_factory.ClientTLSOptionsFactory( + config + ) + logging.info("Certificate reloaded.") + + logging.info("Updating context factories...") + for i in hs._listening_services: + if isinstance(i.factory, TLSMemoryBIOFactory): + i.factory = TLSMemoryBIOFactory( + hs.tls_server_context_factory, + False, + i.factory.wrappedFactory + ) + logging.info("Context factories updated.") + + sighup_callbacks.append(refresh_certificate) + @defer.inlineCallbacks def start(): try: |