是否可以在不重新启动服务器的情况下更新 ssl 证书? [英] Is it posible to update ssl cert without server restarting?

问题描述

我想在不重启的情况下更新 node.js http2 服务器上的 ssl 证书(以避免任何停机时间).此外，我不想在这项工作中使用任何 3rd 方模块.只有纯 nodejs.可能吗?

I'd like to update ssl certificates on node.js http2 server without restarting (to avoid any downtime). Also I don't want to use any 3rd party modules for this work. Only pure nodejs. Is it possible?

现在当证书即将到期时，我只是重新启动脚本.

Right now when certificate about to expire, i just restarting the script.

const https = require('http2');
const server = https.createSecureServer({
  ca: fs.readFileSync('chain.pem'),
  cert: fs.readFileSync('cert.pem', 'utf8'),//fullchain
  key: fs.readFileSync('privkey.pem', 'utf8'),
  allowHTTP1: true,
},

我希望能够观察证书文件是否更新(例如使用 fs.watch())，并即时更新 http2 服务器中的证书......

I expect to be able to watch if cert files were updated (using fs.watch() for example), and to update certificates in http2 server on the fly...

推荐答案

正如 Jake 所提到的，setSecureContext() 发挥了神奇的作用.似乎它可以在不中断当前连接的情况下更新证书.类似的东西:

As mentioned by Jake, setSecureContext() do the magic. Seems it can update certificate without breaking current connections. Something like:

setTimeout(function () {server.setSecureContext({
  ca: fs.readFileSync('chain.pem'),
  cert: fs.readFileSync('cert.pem', 'utf8'),//fullchain
  key: fs.readFileSync('privkey.pem', 'utf8')
})},86400000)

这篇关于是否可以在不重新启动服务器的情况下更新 ssl 证书?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！