erebe / wstunnel

Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available

Add certificate reloading mechanism to server #202

Closed vercas closed 4 months ago

vercas commented 4 months ago

When using a wstunnel server with a short-lived certificate, such as those provided by Let's Encrypt, it can be disruptive to have to take down the entire server in order to use newly-obtained certificates.
A mechanism for reloading certificates would be very useful. The most obvious way to trigger this is to use a Unix signal, e.g. SIGHUP like nginx does.
This wouldn't have to close existing connections, and would only have to affect new connections.

erebe commented 4 months ago

Hello,

This would be a nice addition, indeed. After, I am not sure if people that require this kind of flexibility will not use a reverse-proxy in front of wstunnel.

Anyway, it should not be too hard to add, so I keep it in the backlog.

vercas commented 4 months ago

Right now I'm using nginx in front of wstunnel to work around this, but yeah, it's really not a dealbreaker.

cattyhouse commented 4 months ago

Very useful indeed. Sometimes we just want to proxy stuff without an additional frontend like nginx or caddy. With the ability to reload certs we can just use certbot (or any ACME client with hooks to send SIGHUP to wstunnel when the certs get renewed) + wstunnel.

erebe commented 4 months ago

It should be implemented in release v8.5.2, can you let me know if it is ok for you https://github.com/erebe/wstunnel/releases/tag/v8.5.2 ?

There is no sighup, but if the files change, it will be auto-reloaded for new connections

cattyhouse commented 4 months ago

> There is no sighup, but if the files change, it will be auto-reloaded for new connections

Great idea! Works like inotify.
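
The behaviour discussed in this thread (renewed files picked up for new connections, existing connections untouched) can be sketched as follows. This is an added example, not wstunnel's code: `ReloadingTls`, `TlsMaterial` and `current` are hypothetical names, PEM bytes stand in for a real TLS configuration, and detecting changes by checking file metadata at accept time is an assumption rather than something taken from wstunnel.

```rust
use std::{fs, io, path::{Path, PathBuf}, sync::{Arc, RwLock}, time::SystemTime};

/// PEM bytes a real server would turn into its TLS acceptor configuration.
pub struct TlsMaterial { pub cert_pem: Vec<u8>, pub key_pem: Vec<u8> }
/// (mtime, length) of the cert and key files; any difference counts as a change.
type Stamp = (SystemTime, u64, SystemTime, u64);
pub struct ReloadingTls { cert: PathBuf, key: PathBuf, state: RwLock<(Stamp, Arc<TlsMaterial>)> }

fn stamp(cert: &Path, key: &Path) -> io::Result<Stamp> {
    let (c, k) = (fs::metadata(cert)?, fs::metadata(key)?);
    Ok((c.modified()?, c.len(), k.modified()?, k.len()))
}
fn has(hay: &[u8], needle: &[u8]) -> bool { hay.windows(needle.len()).any(|w| w == needle) }

/// Read both files; refuse a pair that is unreadable or cut off mid-write.
/// A real server would also have its TLS library check that the key matches the cert.
fn load(cert: &Path, key: &Path) -> Option<TlsMaterial> {
    let (cert_pem, key_pem) = (fs::read(cert).ok()?, fs::read(key).ok()?);
    let complete = has(&cert_pem, b"-----BEGIN CERTIFICATE-----")
        && has(&cert_pem, b"-----END CERTIFICATE-----")
        && has(&key_pem, b"-----BEGIN ") && has(&key_pem, b"-----END ")
        && has(&key_pem, b"PRIVATE KEY-----");
    complete.then(|| TlsMaterial { cert_pem, key_pem })
}

impl ReloadingTls {
    pub fn new(cert: &Path, key: &Path) -> Option<Self> {
        let state = RwLock::new((stamp(cert, key).ok()?, Arc::new(load(cert, key)?)));
        Some(Self { cert: cert.into(), key: key.into(), state })
    }
    /// Call once per accepted connection. Established connections keep the Arc they
    /// already hold, so a renewal only affects connections accepted afterwards.
    pub fn current(&self) -> Arc<TlsMaterial> {
        if let Ok(now) = stamp(&self.cert, &self.key) {
            let changed = now != self.state.read().unwrap().0;
            // On a failed load the old stamp stays in place, so the next call retries.
            if let Some(fresh) = changed.then(|| load(&self.cert, &self.key)).flatten() {
                *self.state.write().unwrap() = (now, Arc::new(fresh));
            }
        }
        self.state.read().unwrap().1.clone()
    }
}

fn main() {
    // Usage: <program> <cert.pem> <key.pem>; both paths are supplied by the caller.
    let a: Vec<String> = std::env::args().collect();
    if a.len() != 3 { return eprintln!("usage: <program> <cert.pem> <key.pem>"); }
    let size = ReloadingTls::new(Path::new(&a[1]), Path::new(&a[2])).map(|t| t.current().cert_pem.len());
    println!("certificate bytes loaded: {:?}", size);
}
```

If the renewal tool replaces the files by writing a temporary file and renaming it over the old one, the half-written state that `load` rejects never becomes visible at all.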