https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
--- Comment #13 from Remy Maucherat ---
(In reply to Michael Osipov from comment #12)
> Maybe this listener should receive a reload interface which will decide
> whether the file needs to be reloaded or not? We can provide a default impl,
> but
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
Michael Osipov changed:
What|Removed |Added
CC||micha...@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
--- Comment #12 from Michael Osipov ---
(In reply to Mark Thomas from comment #8)
> I've been discussing this with the users recently and came up with the
> following approach.
>
> - Lifecycle listener that ships with Tomcat
> - Every X minute
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
--- Comment #11 from Remy Maucherat ---
(In reply to Mark Thomas from comment #8)
> I've been discussing this with the users recently and came up with the
> following approach.
>
> - Lifecycle listener that ships with Tomcat
> - Every X minute
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
--- Comment #10 from Mark Thomas ---
Not every key/cert is defined by a file.
At least one cloud provider (Azure) has a JCA provider that enables Java apps
to access keys in the cloud provided vault without any reference to a file on
the file
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
--- Comment #9 from Christopher Schultz ---
(In reply to Mark Thomas from comment #8)
> I've been discussing this with the users recently and came up with the
> following approach.
>
> - Lifecycle listener that ships with Tomcat
> - Every X mi
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
--- Comment #8 from Mark Thomas ---
I've been discussing this with the users recently and came up with the
following approach.
- Lifecycle listener that ships with Tomcat
- Every X minutes (driven by background process but customisable so chec
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
--- Comment #7 from Christoph Anton Mitterer ---
I'd also say that any form of automatic reloading (e.g. via fnotify on
respectively periodic reloading of the cert/key files) is a bad idea.
It may e.g. just happen at the time where only one of t
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
Rainer Jung changed:
What|Removed |Added
Target Milestone|--- |--
Component|Common
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
--- Comment #6 from Anders Rundgren ---
> The OP recommends using a package that is limited (APR only), fragile
> (custom non-daemon watcher thread, suspicious call behavior, and (IMHO)
> unnecessary.
I'm merely proposing adding this kind of f
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
--- Comment #5 from Christopher Schultz ---
(In reply to Michael Osipov from comment #4)
> Why is it not possible to use the background process to
> detect mtime change of cert/private key and initiate a connector reload?
It is possible. It's
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
--- Comment #4 from Michael Osipov ---
Stupid question: Why is it not possible to use the background process to detect
mtime change of cert/private key and initiate a connector reload? This would
be, of course, off by default.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
--- Comment #3 from Mark Thomas ---
I think there is an argument for providing a listener to do this as part of the
Tomcat distribution. Those users that need it can then enable it.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
--- Comment #2 from Anders Rundgren ---
Since administrating SSL certificates is a major PITA, I'm looking for a
built-in solution that is compatible with ACME.
For my current use I will use:
https://github.com/schnatterer/tomcat-reloading-con
https://bz.apache.org/bugzilla/show_bug.cgi?id=65770
--- Comment #1 from Remy Maucherat ---
I'm not sure it is a very good idea to use an automagical reload here. There is
functionality to trigger a reload of the SSL host configs using JMX, this is
more predictable. Is it not a good solution for