Implement SIGHUP certificate reloading for Let's Encrypt
- Add tokio signal handling for SIGHUP
- Implement thread-safe TLS acceptor reloading with Mutex
- Modify main loop to handle signals alongside connections
- Update systemd service (already had ExecReload)
- Add certbot hook script documentation to INSTALL.md
- Enable zero-downtime certificate renewal support
parent ea8083fe1f
commit caf9d0984f
3 changed files with 102 additions and 14 deletions
2
dist/pollux.service
vendored
|
|
@ -15,6 +15,8 @@ NoNewPrivileges=yes
|
|||
ProtectHome=yes
|
||||
ProtectSystem=strict
|
||||
ReadOnlyPaths=/etc/pollux /etc/letsencrypt/live/example.com /var/www/example.com
|
||||
# NOTE: Adjust /etc/letsencrypt/live/example.com and /var/www/example.com to match your config
|
||||
# The server needs read access to config, certificates, and content files
|
||||
# NOTE: Adjust paths to match your config:
|
||||
# - /etc/letsencrypt/live/example.com for Let's Encrypt certs
|
||||
# - /var/www/example.com for your content root
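Review bot: The comment "The server needs read access to config, certificates, and content files" next to ReadOnlyPaths= suggests that directive grants read access, which it does not. ReadOnlyPaths= only makes the listed paths read-only inside the unit's mount namespace, and with ProtectSystem=strict already in place the whole hierarchy is read-only, so the line adds little. Whether the service can read the certificates depends on ordinary file permissions for the service user. Note also that the files under /etc/letsencrypt/live/example.com are symlinks into /etc/letsencrypt/archive/example.com, and both directories are typically root-only, so the comment should tell the admin to arrange read permission on the archive directory as well. Suggest rewording the comment to say the paths are kept read-only and documenting the permission requirement separately, since a reload on SIGHUP that cannot read the renewed key will otherwise fail only at renewal time.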