diff --git a/.gitignore b/.gitignore
index 48acbc30..7e2d8f0e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -51,3 +51,6 @@ data.etcd/ # vscode .vscode +# asdf +.tool-versions +
diff --git a/resources/blockchain_network_config.json b/resources/blockchain_network_config.json
index 6f93c13b..4e27d269 100644
--- a/resources/blockchain_network_config.json
+++ b/resources/blockchain_network_config.json
@@ -15,8 +15,8 @@
 "network_id": "5"
 },
 "sepolia": {
-    "ethereum_json_rpc_http_endpoint": "https://sepolia.infura.io/v3/98064002908248a0b0d837940d2c647b",
-    "ethereum_json_rpc_ws_endpoint": "wss://sepolia.infura.io/ws/v3/98064002908248a0b0d837940d2c647b",
+    "ethereum_json_rpc_http_endpoint": "https://sepolia.infura.io/v3/09027f4a13e841d48dbfefc67e7685d5",
+    "ethereum_json_rpc_ws_endpoint": "wss://sepolia.infura.io/ws/v3/09027f4a13e841d48dbfefc67e7685d5",
 "network_id": "11155111"
 }
 }
\ No newline at end of file
diff --git a/snetd/cmd/certs_listener.go b/snetd/cmd/certs_listener.go
new file mode 100644
index 00000000..5355f9c8
--- /dev/null
+++ b/snetd/cmd/certs_listener.go
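Review bot: The `+` lines for `ethereum_json_rpc_http_endpoint` and `ethereum_json_rpc_ws_endpoint` embed an Infura project ID directly in a checked-in config file, and replacing one ID with another leaves the previous one in git history, so both should be treated as exposed and revoked with the provider. The project ID belongs in an environment variable or a secret store supplied at deploy time rather than in the repository. If the config loader supports substitution, a placeholder such as `https://sepolia.infura.io/v3/${INFURA_PROJECT_ID}` (constructed example) would keep this file free of credentials; whether the loader can do that is not visible in this diff.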
@@ -0,0 +1,50 @@
+package cmd
+
+import (
+ "crypto/tls"
+ "fmt"
+ "sync"
+ "time"
+
+ "go.uber.org/zap"
+)
+
+type CertReloader struct {
+ CertFile string // path to the x509 certificate for https
+ KeyFile string // path to the x509 private key matching
+ mutex *sync.Mutex
+ cachedCert *tls.Certificate
+}
+
+func (cr *CertReloader) reloadCertificate() error {
+ pair, err := tls.LoadX509KeyPair(cr.CertFile, cr.KeyFile)
+ if err != nil {
+ return fmt.Errorf("failed loading tls key pair: %w", err)
+ }
+ cr.mutex.Lock()
+ cr.cachedCert = &pair
+ cr.mutex.Unlock()
+ return err
+}
+
+func (cr *CertReloader) GetCertificate() *tls.Certificate {
+ cr.mutex.Lock()
+ defer cr.mutex.Unlock()
+ return cr.cachedCert
+}
+
+func (cr *CertReloader) Listen() {
+ ticker := time.NewTicker(3 * time.Second)
+
+ go func() {
+ for {
+ select {
+ case <-ticker.C:
+ err := cr.reloadCertificate()
+ if err != nil {
+ zap.L().Error("Error in reloading ssl certificates", zap.Error(err))
+ }
+ }
+ }
+ }()
+}
diff --git a/snetd/cmd/serve.go b/snetd/cmd/serve.go
index 225984d8..4d453ce8 100644
--- a/snetd/cmd/serve.go
+++ b/snetd/cmd/serve.go
@@ -8,6 +8,7 @@ import (
 "os"
 "os/signal"
 "strings"
+ "sync"
 "syscall"
 "github.com/singnet/snet-daemon/blockchain"
@@ -147,6 +148,14 @@ func (d *daemon) start() {
 var tlsConfig *tls.Config
+ certReloader := CertReloader{
+ CertFile: config.GetString(config.SSLCertPathKey),
+ KeyFile: config.GetString(config.SSLKeyPathKey),
+ mutex: new(sync.Mutex),
+ }
+
+ certReloader.Listen()
+
 if d.autoSSLDomain != "" {
 zap.L().Debug("enabling automatic SSL support")
 certMgr := autocert.Manager{
@@ -173,6 +182,9 @@ func (d *daemon) start() {
 } else if d.sslCert != nil {
 zap.L().Debug("enabling SSL support via X509 keypair")
 tlsConfig = &tls.Config{
+ GetCertificate: func(c *tls.ClientHelloInfo) (*tls.Certificate, error) {
+ return certReloader.GetCertificate(), nil
+ },
 Certificates: []tls.Certificate{*d.sslCert},
 }
 }
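Review bot: `GetCertificate` returns nil until the first tick fires, because `Listen` starts the ticker without loading the pair first, so for the first three seconds after start the callback wired up in serve.go yields `(nil, nil)`; that the cache also keeps serving the last good pair when a later reload fails is sensible but deserves a comment. The goroutine in `Listen` has no way to stop and the ticker is never stopped, and `reloadCertificate` ends with `return err` at a point where `err` is known to be nil, so `return nil` says what is meant. Loading once synchronously in `Listen` before starting the ticker, and giving the reloader a `done` channel that a `Stop` method closes, addresses the first two points; the rewritten `Listen` is below. A value `sync.Mutex` field instead of `*sync.Mutex` would additionally make the zero value usable instead of panicking on `cr.mutex.Lock()` when a caller leaves the pointer nil.
```go
type CertReloader struct {
	// … unchanged: CertFile, KeyFile, mutex, cachedCert …
	done chan struct{} // closed by Stop to end the reload goroutine
}

// Stop ends the background reload loop started by Listen.
func (cr *CertReloader) Stop() { close(cr.done) }

func (cr *CertReloader) Listen() {
	// Load once up front so GetCertificate never returns nil before the first tick.
	if err := cr.reloadCertificate(); err != nil {
		zap.L().Error("Error in reloading ssl certificates", zap.Error(err))
	}
	cr.done = make(chan struct{})
	ticker := time.NewTicker(3 * time.Second)
	go func() {
		defer ticker.Stop()
		for {
			select {
			case <-cr.done:
				return
			case <-ticker.C:
				// A failed reload keeps the previously cached pair in place.
				if err := cr.reloadCertificate(); err != nil {
					zap.L().Error("Error in reloading ssl certificates", zap.Error(err))
				}
			}
		}
	}()
}
```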
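Review bot: In the `@@ -147,6 +148,14 @@` hunk `certReloader.Listen()` runs before the `if d.autoSSLDomain != ""` / `else if d.sslCert != nil` selection, so the reload goroutine starts even when no X509 key pair is configured; with empty `CertFile`/`KeyFile`, `tls.LoadX509KeyPair` fails on every 3 s tick and the daemon logs an error every 3 s for its whole lifetime. Constructing the reloader and calling `Listen()` inside the `else if d.sslCert != nil` branch of the `@@ -173,6 +182,9 @@` hunk, just before `tlsConfig = &tls.Config{`, limits it to the path that actually uses it. In that hunk, per crypto/tls's documented lookup order, `GetCertificate` is only consulted when `Certificates` is empty or the ClientHello carries a server name, so clients that connect without SNI keep receiving the static `*d.sslCert` after a rotation; either drop `Certificates` once the reloader has loaded synchronously, or document the split with `// Certificates still serves non-SNI clients; GetCertificate serves rotated material only to clients that send a server name.`. The unused `c *tls.ClientHelloInfo` parameter can be `_`. The enclosing `start` method begins and ends outside these hunks.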