Caddy: [Feature] renew hook for automatically obtained certificates
All 12 comments
I think this is related to https://github.com/mholt/caddy/issues/1683
francislavoie
on 1 Jun 2017
@fheusel Do you need the hook available from outside the Caddy process, or from within it (i.e. as part of a plugin or something)?
mholt
on 9 Aug 2017
@mholt I'm not sure if I understand you correctly. I'd like caddy to be able to trigger a restart of some services each time caddy obtains a new certificate. Otherwise services like dovecot or postfix won't pick up the new certificates.
fheusel
on 9 Aug 2017
@fheusel How does that restart happen? (i.e. push or pull method?)
mholt
on 9 Aug 2017
Could you use something like inotify to watch for file changes? I'd think that could also work.
francislavoie
on 9 Aug 2017
Theoretically, we could add an event hook to...
https://github.com/mholt/caddy/blob/b5ec4622993655d69ee68f3b833a69179a830f3f/caddytls/client.go#L268-L335
... and build a plugin to execute a command [os/exec], triggered by the event
elcore
on 9 Aug 2017
@mholt e.g service dovecot restart - so I suppose it's a push method?
@francislavoie that would be possible, but then one had to build another error prone "watching" service. And on different operating systems you'll need different solutions to watch for filechanges.
@elcore this sounds like the way I was hoping for.
fheusel
on 10 Aug 2017
Hello @fheusel,
I am currently working on this 馃槃
UPDATE 1: I am testing it in prod
elcore
on 13 Aug 2017
Update, the new plan is the following:
- Add new event hooks:
CertRenewEvent(andInstanceStartupEvent@elcore?) - Add a new Caddyfile directive
on [event] [cmd] - Deprecate the
startupandshutdowndirectives and change them to be aliases foron startup [cmd]
Reference code:
- Original PR: https://github.com/mholt/caddy/pull/1842
- Original plugin code: https://github.com/elcore/caddy-command
Throwing another idea in here... Issue https://github.com/mholt/caddy/issues/1683 was requesting to get data metrics about certs. We could probably pass some of these metrics along with the new event for other plugins to use, as @mholt suggested on that issue. In addition, maybe some of the data passed through the events could be used as placeholders in the command on the new on directive? Maybe those are worth leaving to a different PR though.
francislavoie
on 3 Sep 2017
[...] and
InstanceStartupEvent@elcore?
Caddy Command does not support StartupEvent, as it is emitted before the Caddyfile is loaded!
elcore
on 3 Sep 2017
Oh, yeah, the nice thing about startup/shutdown is that they apply to those servers/sites/listeners specifically, not the entire Caddy process as a whole. Either we keep those the same for now, or we will need to designate another event for per-site/per-listener startup/shutdown...
mholt
on 3 Sep 2017
@mholt Correct!
P. S. : Caddy Command is configured per-site 馃槃
elcore
on 3 Sep 2017
Related issues
mikolysz
路
3Comments
crvv
路
3Comments
billop
路
3Comments
treviser
路
3Comments
klaasel
路
3Comments
Most helpful comment
Update, the new plan is the following:
CertRenewEvent(andInstanceStartupEvent@elcore?)on [event] [cmd]startupandshutdowndirectives and change them to be aliases foron startup [cmd]Reference code:
Throwing another idea in here... Issue https://github.com/mholt/caddy/issues/1683 was requesting to get data metrics about certs. We could probably pass some of these metrics along with the new event for other plugins to use, as @mholt suggested on that issue. In addition, maybe some of the data passed through the events could be used as placeholders in the command on the new
ondirective? Maybe those are worth leaving to a different PR though.