mirror of
				https://github.com/caddyserver/caddy.git
				synced 2025-10-24 23:39:19 -04:00 
			
		
		
		
	tls: Synchronize renewals between Caddy instances sharing file storage
Also introduce caddy.OnProcessExit which is a list of functions that run before exiting the process cleanly; these do not count as shutdown callbacks, so they do not return errors and must execute quickly.
This commit is contained in:
		
							parent
							
								
									fc2ff9155c
								
							
						
					
					
						commit
						08028714b5
					
				
							
								
								
									
										8
									
								
								caddy.go
									
									
									
									
									
								
							
							
						
						
									
										8
									
								
								caddy.go
									
									
									
									
									
								
							| @ -77,6 +77,14 @@ var ( | ||||
| 	mu sync.Mutex | ||||
| ) | ||||
| 
 | ||||
| func init() { | ||||
| 	OnProcessExit = append(OnProcessExit, func() { | ||||
| 		if PidFile != "" { | ||||
| 			os.Remove(PidFile) | ||||
| 		} | ||||
| 	}) | ||||
| } | ||||
| 
 | ||||
| // Instance contains the state of servers created as a result of | ||||
| // calling Start and can be used to access or control those servers. | ||||
| // It is literally an instance of a server type. Instance values | ||||
|  | ||||
| @ -29,34 +29,6 @@ import ( | ||||
| 	"golang.org/x/crypto/ocsp" | ||||
| ) | ||||
| 
 | ||||
| // Certificate is a tls.Certificate with associated metadata tacked on. | ||||
| // Even if the metadata can be obtained by parsing the certificate, | ||||
| // we are more efficient by extracting the metadata onto this struct. | ||||
| type Certificate struct { | ||||
| 	tls.Certificate | ||||
| 
 | ||||
| 	// Names is the list of names this certificate is written for. | ||||
| 	// The first is the CommonName (if any), the rest are SAN. | ||||
| 	Names []string | ||||
| 
 | ||||
| 	// NotAfter is when the certificate expires. | ||||
| 	NotAfter time.Time | ||||
| 
 | ||||
| 	// OCSP contains the certificate's parsed OCSP response. | ||||
| 	OCSP *ocsp.Response | ||||
| 
 | ||||
| 	// The hex-encoded hash of this cert's chain's bytes. | ||||
| 	Hash string | ||||
| 
 | ||||
| 	// configs is the list of configs that use or refer to | ||||
| 	// The first one is assumed to be the config that is | ||||
| 	// "in charge" of this certificate (i.e. determines | ||||
| 	// whether it is managed, how it is managed, etc). | ||||
| 	// This field will be populated by cacheCertificate. | ||||
| 	// Only meddle with it if you know what you're doing! | ||||
| 	configs []*Config | ||||
| } | ||||
| 
 | ||||
| // certificateCache is to be an instance-wide cache of certs | ||||
| // that site-specific TLS configs can refer to. Using a | ||||
| // central map like this avoids duplication of certs in | ||||
| @ -127,6 +99,54 @@ func (certCache *certificateCache) replaceCertificate(oldCert, newCert Certifica | ||||
| 	return nil | ||||
| } | ||||
| 
 | ||||
| // reloadManagedCertificate reloads the certificate corresponding to the name(s) | ||||
| // on oldCert into the cache, from storage. This also replaces the old certificate | ||||
| // with the new one, so that all configurations that used the old cert now point | ||||
| // to the new cert. | ||||
| func (certCache *certificateCache) reloadManagedCertificate(oldCert Certificate) error { | ||||
| 	// get the certificate from storage and cache it | ||||
| 	newCert, err := oldCert.configs[0].CacheManagedCertificate(oldCert.Names[0]) | ||||
| 	if err != nil { | ||||
| 		return fmt.Errorf("unable to reload certificate for %v into cache: %v", oldCert.Names, err) | ||||
| 	} | ||||
| 
 | ||||
| 	// and replace the old certificate with the new one | ||||
| 	err = certCache.replaceCertificate(oldCert, newCert) | ||||
| 	if err != nil { | ||||
| 		return fmt.Errorf("replacing certificate %v: %v", oldCert.Names, err) | ||||
| 	} | ||||
| 
 | ||||
| 	return nil | ||||
| } | ||||
| 
 | ||||
| // Certificate is a tls.Certificate with associated metadata tacked on. | ||||
| // Even if the metadata can be obtained by parsing the certificate, | ||||
| // we are more efficient by extracting the metadata onto this struct. | ||||
| type Certificate struct { | ||||
| 	tls.Certificate | ||||
| 
 | ||||
| 	// Names is the list of names this certificate is written for. | ||||
| 	// The first is the CommonName (if any), the rest are SAN. | ||||
| 	Names []string | ||||
| 
 | ||||
| 	// NotAfter is when the certificate expires. | ||||
| 	NotAfter time.Time | ||||
| 
 | ||||
| 	// OCSP contains the certificate's parsed OCSP response. | ||||
| 	OCSP *ocsp.Response | ||||
| 
 | ||||
| 	// The hex-encoded hash of this cert's chain's bytes. | ||||
| 	Hash string | ||||
| 
 | ||||
| 	// configs is the list of configs that use or refer to | ||||
| 	// The first one is assumed to be the config that is | ||||
| 	// "in charge" of this certificate (i.e. determines | ||||
| 	// whether it is managed, how it is managed, etc). | ||||
| 	// This field will be populated by cacheCertificate. | ||||
| 	// Only meddle with it if you know what you're doing! | ||||
| 	configs []*Config | ||||
| } | ||||
| 
 | ||||
| // CacheManagedCertificate loads the certificate for domain into the | ||||
| // cache, from the TLS storage for managed certificates. It returns a | ||||
| // copy of the Certificate that was put into the cache. | ||||
|  | ||||
| @ -39,7 +39,7 @@ type ACMEClient struct { | ||||
| 	AllowPrompts bool | ||||
| 	config       *Config | ||||
| 	acmeClient   *acme.Client | ||||
| 	locker       Locker | ||||
| 	storage      Storage | ||||
| } | ||||
| 
 | ||||
| // newACMEClient creates a new ACMEClient given an email and whether | ||||
| @ -121,10 +121,7 @@ var newACMEClient = func(config *Config, allowPrompts bool) (*ACMEClient, error) | ||||
| 		AllowPrompts: allowPrompts, | ||||
| 		config:       config, | ||||
| 		acmeClient:   client, | ||||
| 		locker: &syncLock{ | ||||
| 			nameLocks:   make(map[string]*sync.WaitGroup), | ||||
| 			nameLocksMu: sync.Mutex{}, | ||||
| 		}, | ||||
| 		storage:      storage, | ||||
| 	} | ||||
| 
 | ||||
| 	if config.DNSProvider == "" { | ||||
| @ -209,13 +206,7 @@ var newACMEClient = func(config *Config, allowPrompts bool) (*ACMEClient, error) | ||||
| // Callers who have access to a Config value should use the ObtainCert | ||||
| // method on that instead of this lower-level method. | ||||
| func (c *ACMEClient) Obtain(name string) error { | ||||
| 	// Get access to ACME storage | ||||
| 	storage, err := c.config.StorageFor(c.config.CAUrl) | ||||
| 	if err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| 
 | ||||
| 	waiter, err := c.locker.TryLock(name) | ||||
| 	waiter, err := c.storage.TryLock(name) | ||||
| 	if err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| @ -225,7 +216,7 @@ func (c *ACMEClient) Obtain(name string) error { | ||||
| 		return nil // we assume the process with the lock succeeded, rather than hammering this execution path again | ||||
| 	} | ||||
| 	defer func() { | ||||
| 		if err := c.locker.Unlock(name); err != nil { | ||||
| 		if err := c.storage.Unlock(name); err != nil { | ||||
| 			log.Printf("[ERROR] Unable to unlock obtain call for %s: %v", name, err) | ||||
| 		} | ||||
| 	}() | ||||
| @ -268,7 +259,7 @@ Attempts: | ||||
| 		} | ||||
| 
 | ||||
| 		// Success - immediately save the certificate resource | ||||
| 		err = saveCertResource(storage, certificate) | ||||
| 		err = saveCertResource(c.storage, certificate) | ||||
| 		if err != nil { | ||||
| 			return fmt.Errorf("error saving assets for %v: %v", name, err) | ||||
| 		} | ||||
| @ -279,35 +270,30 @@ Attempts: | ||||
| 	return nil | ||||
| } | ||||
| 
 | ||||
| // Renew renews the managed certificate for name. This function is | ||||
| // safe for concurrent use. | ||||
| // Renew renews the managed certificate for name. It puts the renewed | ||||
| // certificate into storage (not the cache). This function is safe for | ||||
| // concurrent use. | ||||
| // | ||||
| // Callers who have access to a Config value should use the RenewCert | ||||
| // method on that instead of this lower-level method. | ||||
| func (c *ACMEClient) Renew(name string) error { | ||||
| 	// Get access to ACME storage | ||||
| 	storage, err := c.config.StorageFor(c.config.CAUrl) | ||||
| 	if err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| 
 | ||||
| 	waiter, err := c.locker.TryLock(name) | ||||
| 	waiter, err := c.storage.TryLock(name) | ||||
| 	if err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| 	if waiter != nil { | ||||
| 		log.Printf("[INFO] Certificate for %s is already being renewed elsewhere and stored; waiting", name) | ||||
| 		waiter.Wait() | ||||
| 		return nil // we assume the process with the lock succeeded, rather than hammering this execution path again | ||||
| 		return nil // assume that the worker that renewed the cert succeeded; avoid hammering this path over and over | ||||
| 	} | ||||
| 	defer func() { | ||||
| 		if err := c.locker.Unlock(name); err != nil { | ||||
| 		if err := c.storage.Unlock(name); err != nil { | ||||
| 			log.Printf("[ERROR] Unable to unlock renew call for %s: %v", name, err) | ||||
| 		} | ||||
| 	}() | ||||
| 
 | ||||
| 	// Prepare for renewal (load PEM cert, key, and meta) | ||||
| 	siteData, err := storage.LoadSite(name) | ||||
| 	siteData, err := c.storage.LoadSite(name) | ||||
| 	if err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| @ -350,21 +336,15 @@ func (c *ACMEClient) Renew(name string) error { | ||||
| 		return errors.New("too many renewal attempts; last error: " + err.Error()) | ||||
| 	} | ||||
| 
 | ||||
| 	// Executes Cert renew events | ||||
| 	caddy.EmitEvent(caddy.CertRenewEvent, name) | ||||
| 
 | ||||
| 	return saveCertResource(storage, newCertMeta) | ||||
| 	return saveCertResource(c.storage, newCertMeta) | ||||
| } | ||||
| 
 | ||||
| // Revoke revokes the certificate for name and deltes | ||||
| // Revoke revokes the certificate for name and deletes | ||||
| // it from storage. | ||||
| func (c *ACMEClient) Revoke(name string) error { | ||||
| 	storage, err := c.config.StorageFor(c.config.CAUrl) | ||||
| 	if err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| 
 | ||||
| 	siteExists, err := storage.SiteExists(name) | ||||
| 	siteExists, err := c.storage.SiteExists(name) | ||||
| 	if err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| @ -373,7 +353,7 @@ func (c *ACMEClient) Revoke(name string) error { | ||||
| 		return errors.New("no certificate and key for " + name) | ||||
| 	} | ||||
| 
 | ||||
| 	siteData, err := storage.LoadSite(name) | ||||
| 	siteData, err := c.storage.LoadSite(name) | ||||
| 	if err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| @ -383,7 +363,7 @@ func (c *ACMEClient) Revoke(name string) error { | ||||
| 		return err | ||||
| 	} | ||||
| 
 | ||||
| 	err = storage.DeleteSite(name) | ||||
| 	err = c.storage.DeleteSite(name) | ||||
| 	if err != nil { | ||||
| 		return errors.New("certificate revoked, but unable to delete certificate file: " + err.Error()) | ||||
| 	} | ||||
|  | ||||
| @ -38,9 +38,9 @@ var storageBasePath = filepath.Join(caddy.AssetsPath(), "acme") | ||||
| // Storage instance backed by the local disk. The resulting Storage | ||||
| // instance is guaranteed to be non-nil if there is no error. | ||||
| func NewFileStorage(caURL *url.URL) (Storage, error) { | ||||
| 	return &FileStorage{ | ||||
| 		Path: filepath.Join(storageBasePath, caURL.Host), | ||||
| 	}, nil | ||||
| 	storage := &FileStorage{Path: filepath.Join(storageBasePath, caURL.Host)} | ||||
| 	storage.Locker = &fileStorageLock{caURL: caURL.Host, storage: storage} | ||||
| 	return storage, nil | ||||
| } | ||||
| 
 | ||||
| // FileStorage facilitates forming file paths derived from a root | ||||
| @ -48,6 +48,7 @@ func NewFileStorage(caURL *url.URL) (Storage, error) { | ||||
| // cross-platform way or persisting ACME assets on the file system. | ||||
| type FileStorage struct { | ||||
| 	Path string | ||||
| 	Locker | ||||
| } | ||||
| 
 | ||||
| // sites gets the directory that stores site certificate and keys. | ||||
|  | ||||
							
								
								
									
										123
									
								
								caddytls/filestoragesync.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										123
									
								
								caddytls/filestoragesync.go
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,123 @@ | ||||
| // Copyright 2015 Light Code Labs, LLC | ||||
| // | ||||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| // you may not use this file except in compliance with the License. | ||||
| // You may obtain a copy of the License at | ||||
| // | ||||
| //     http://www.apache.org/licenses/LICENSE-2.0 | ||||
| // | ||||
| // Unless required by applicable law or agreed to in writing, software | ||||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| // See the License for the specific language governing permissions and | ||||
| // limitations under the License. | ||||
| 
 | ||||
| package caddytls | ||||
| 
 | ||||
| import ( | ||||
| 	"fmt" | ||||
| 	"os" | ||||
| 	"sync" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"github.com/mholt/caddy" | ||||
| ) | ||||
| 
 | ||||
| func init() { | ||||
| 	// be sure to remove lock files when exiting the process! | ||||
| 	caddy.OnProcessExit = append(caddy.OnProcessExit, func() { | ||||
| 		fileStorageNameLocksMu.Lock() | ||||
| 		defer fileStorageNameLocksMu.Unlock() | ||||
| 		for key, fw := range fileStorageNameLocks { | ||||
| 			os.Remove(fw.filename) | ||||
| 			delete(fileStorageNameLocks, key) | ||||
| 		} | ||||
| 	}) | ||||
| } | ||||
| 
 | ||||
| // fileStorageLock facilitates ACME-related locking by using | ||||
| // the associated FileStorage, so multiple processes can coordinate | ||||
| // renewals on the certificates on a shared file system. | ||||
| type fileStorageLock struct { | ||||
| 	caURL   string | ||||
| 	storage *FileStorage | ||||
| } | ||||
| 
 | ||||
| // TryLock attempts to get a lock for name, otherwise it returns | ||||
| // a Waiter value to wait until the other process is finished. | ||||
| func (s *fileStorageLock) TryLock(name string) (Waiter, error) { | ||||
| 	fileStorageNameLocksMu.Lock() | ||||
| 	defer fileStorageNameLocksMu.Unlock() | ||||
| 
 | ||||
| 	// see if lock already exists within this process | ||||
| 	fw, ok := fileStorageNameLocks[s.caURL+name] | ||||
| 	if ok { | ||||
| 		// lock already created within process, let caller wait on it | ||||
| 		return fw, nil | ||||
| 	} | ||||
| 
 | ||||
| 	// attempt to persist lock to disk by creating lock file | ||||
| 	fw = &fileWaiter{ | ||||
| 		filename: s.storage.siteCertFile(name) + ".lock", | ||||
| 		wg:       new(sync.WaitGroup), | ||||
| 	} | ||||
| 	lf, err := os.OpenFile(fw.filename, os.O_CREATE|os.O_EXCL, 0644) | ||||
| 	if err != nil { | ||||
| 		if os.IsExist(err) { | ||||
| 			// another process has the lock; use it to wait | ||||
| 			return fw, nil | ||||
| 		} | ||||
| 		// otherwise, this was some unexpected error | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	lf.Close() | ||||
| 
 | ||||
| 	// looks like we get the lock | ||||
| 	fw.wg.Add(1) | ||||
| 	fileStorageNameLocks[s.caURL+name] = fw | ||||
| 
 | ||||
| 	return nil, nil | ||||
| } | ||||
| 
 | ||||
| // Unlock unlocks name. | ||||
| func (s *fileStorageLock) Unlock(name string) error { | ||||
| 	fileStorageNameLocksMu.Lock() | ||||
| 	defer fileStorageNameLocksMu.Unlock() | ||||
| 	fw, ok := fileStorageNameLocks[s.caURL+name] | ||||
| 	if !ok { | ||||
| 		return fmt.Errorf("FileStorage: no lock to release for %s", name) | ||||
| 	} | ||||
| 	os.Remove(fw.filename) | ||||
| 	fw.wg.Done() | ||||
| 	delete(fileStorageNameLocks, s.caURL+name) | ||||
| 	return nil | ||||
| } | ||||
| 
 | ||||
| // fileWaiter waits for a file to disappear; it polls | ||||
| // the file system to check for the existence of a file. | ||||
| // It also has a WaitGroup which will be faster than | ||||
| // polling, for when locking need only happen within this | ||||
| // process. | ||||
| type fileWaiter struct { | ||||
| 	filename string | ||||
| 	wg       *sync.WaitGroup | ||||
| } | ||||
| 
 | ||||
| // Wait waits until the lock is released. | ||||
| func (fw *fileWaiter) Wait() { | ||||
| 	start := time.Now() | ||||
| 	fw.wg.Wait() | ||||
| 	for time.Since(start) < 1*time.Hour { | ||||
| 		_, err := os.Stat(fw.filename) | ||||
| 		if os.IsNotExist(err) { | ||||
| 			return | ||||
| 		} | ||||
| 		time.Sleep(1 * time.Second) | ||||
| 	} | ||||
| } | ||||
| 
 | ||||
| var fileStorageNameLocks = make(map[string]*fileWaiter) // keyed by CA + name | ||||
| var fileStorageNameLocksMu sync.Mutex | ||||
| 
 | ||||
| var _ Locker = &fileStorageLock{} | ||||
| var _ Waiter = &fileWaiter{} | ||||
| @ -160,17 +160,12 @@ func RenewManagedCertificates(allowPrompts bool) (err error) { | ||||
| 			log.Printf("[INFO] Certificate for %v expires in %v, but is already renewed in storage; reloading stored certificate", | ||||
| 				oldCert.Names, timeLeft) | ||||
| 
 | ||||
| 			// get the certificate from storage and cache it | ||||
| 			newCert, err := oldCert.configs[0].CacheManagedCertificate(oldCert.Names[0]) | ||||
| 			err = certCache.reloadManagedCertificate(oldCert) | ||||
| 			if err != nil { | ||||
| 				log.Printf("[ERROR] Unable to reload certificate for %v into cache: %v", oldCert.Names, err) | ||||
| 				continue | ||||
| 			} | ||||
| 
 | ||||
| 			// and replace the old certificate with the new one | ||||
| 			err = certCache.replaceCertificate(oldCert, newCert) | ||||
| 			if err != nil { | ||||
| 				log.Printf("[ERROR] Replacing certificate: %v", err) | ||||
| 				if allowPrompts { | ||||
| 					return err // operator is present, so report error immediately | ||||
| 				} | ||||
| 				log.Printf("[ERROR] Loading renewed certificate: %v", err) | ||||
| 			} | ||||
| 		} | ||||
| 
 | ||||
| @ -212,21 +207,13 @@ func RenewManagedCertificates(allowPrompts bool) (err error) { | ||||
| 
 | ||||
| 			// successful renewal, so update in-memory cache by loading | ||||
| 			// renewed certificate so it will be used with handshakes | ||||
| 
 | ||||
| 			// put the certificate in the cache | ||||
| 			newCert, err := oldCert.configs[0].CacheManagedCertificate(renewName) | ||||
| 			err = certCache.reloadManagedCertificate(oldCert) | ||||
| 			if err != nil { | ||||
| 				if allowPrompts { | ||||
| 					return err // operator is present, so report error immediately | ||||
| 				} | ||||
| 				log.Printf("[ERROR] %v", err) | ||||
| 			} | ||||
| 
 | ||||
| 			// replace the old certificate with the new one | ||||
| 			err = certCache.replaceCertificate(oldCert, newCert) | ||||
| 			if err != nil { | ||||
| 				log.Printf("[ERROR] Replacing certificate: %v", err) | ||||
| 			} | ||||
| 		} | ||||
| 
 | ||||
| 		// Deletion queue | ||||
|  | ||||
| @ -107,6 +107,10 @@ type Storage interface { | ||||
| 	// in StoreUser. The result is an empty string if there are no | ||||
| 	// persisted users in storage. | ||||
| 	MostRecentUserEmail() string | ||||
| 
 | ||||
| 	// Locker is necessary because synchronizing certificate maintenance | ||||
| 	// depends on how storage is implemented. | ||||
| 	Locker | ||||
| } | ||||
| 
 | ||||
| // ErrNotExist is returned by Storage implementations when | ||||
|  | ||||
| @ -1,57 +0,0 @@ | ||||
| // Copyright 2015 Light Code Labs, LLC | ||||
| // | ||||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| // you may not use this file except in compliance with the License. | ||||
| // You may obtain a copy of the License at | ||||
| // | ||||
| //     http://www.apache.org/licenses/LICENSE-2.0 | ||||
| // | ||||
| // Unless required by applicable law or agreed to in writing, software | ||||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| // See the License for the specific language governing permissions and | ||||
| // limitations under the License. | ||||
| 
 | ||||
| package caddytls | ||||
| 
 | ||||
| import ( | ||||
| 	"fmt" | ||||
| 	"sync" | ||||
| ) | ||||
| 
 | ||||
| var _ Locker = &syncLock{} | ||||
| 
 | ||||
| type syncLock struct { | ||||
| 	nameLocks   map[string]*sync.WaitGroup | ||||
| 	nameLocksMu sync.Mutex | ||||
| } | ||||
| 
 | ||||
| // TryLock attempts to get a lock for name, otherwise it returns | ||||
| // a Waiter value to wait until the other process is finished. | ||||
| func (s *syncLock) TryLock(name string) (Waiter, error) { | ||||
| 	s.nameLocksMu.Lock() | ||||
| 	defer s.nameLocksMu.Unlock() | ||||
| 	wg, ok := s.nameLocks[name] | ||||
| 	if ok { | ||||
| 		// lock already obtained, let caller wait on it | ||||
| 		return wg, nil | ||||
| 	} | ||||
| 	// caller gets lock | ||||
| 	wg = new(sync.WaitGroup) | ||||
| 	wg.Add(1) | ||||
| 	s.nameLocks[name] = wg | ||||
| 	return nil, nil | ||||
| } | ||||
| 
 | ||||
| // Unlock unlocks name. | ||||
| func (s *syncLock) Unlock(name string) error { | ||||
| 	s.nameLocksMu.Lock() | ||||
| 	defer s.nameLocksMu.Unlock() | ||||
| 	wg, ok := s.nameLocks[name] | ||||
| 	if !ok { | ||||
| 		return fmt.Errorf("FileStorage: no lock to release for %s", name) | ||||
| 	} | ||||
| 	wg.Done() | ||||
| 	delete(s.nameLocks, name) | ||||
| 	return nil | ||||
| } | ||||
| @ -383,6 +383,14 @@ func loadCaddyfileInput(serverType string) (Input, error) { | ||||
| 	return caddyfileToUse, nil | ||||
| } | ||||
| 
 | ||||
| // OnProcessExit is a list of functions to run when the process | ||||
| // exits -- they are ONLY for cleanup and should not block, | ||||
| // return errors, or do anything fancy. They will be run with | ||||
| // every signal, even if "shutdown callbacks" are not executed. | ||||
| // This variable must only be modified in the main goroutine | ||||
| // from init() functions. | ||||
| var OnProcessExit []func() | ||||
| 
 | ||||
| // caddyfileLoader pairs the name of a loader to the loader. | ||||
| type caddyfileLoader struct { | ||||
| 	name   string | ||||
|  | ||||
| @ -44,16 +44,17 @@ func trapSignalsCrossPlatform() { | ||||
| 
 | ||||
| 			if i > 0 { | ||||
| 				log.Println("[INFO] SIGINT: Force quit") | ||||
| 				if PidFile != "" { | ||||
| 					os.Remove(PidFile) | ||||
| 				for _, f := range OnProcessExit { | ||||
| 					f() // important cleanup actions only | ||||
| 				} | ||||
| 				os.Exit(2) | ||||
| 			} | ||||
| 
 | ||||
| 			log.Println("[INFO] SIGINT: Shutting down") | ||||
| 
 | ||||
| 			if PidFile != "" { | ||||
| 				os.Remove(PidFile) | ||||
| 			// important cleanup actions before shutdown callbacks | ||||
| 			for _, f := range OnProcessExit { | ||||
| 				f() | ||||
| 			} | ||||
| 
 | ||||
| 			go func() { | ||||
|  | ||||
| @ -33,8 +33,8 @@ func trapSignalsPosix() { | ||||
| 			switch sig { | ||||
| 			case syscall.SIGTERM: | ||||
| 				log.Println("[INFO] SIGTERM: Terminating process") | ||||
| 				if PidFile != "" { | ||||
| 					os.Remove(PidFile) | ||||
| 				for _, f := range OnProcessExit { | ||||
| 					f() // only perform important cleanup actions | ||||
| 				} | ||||
| 				os.Exit(0) | ||||
| 
 | ||||
| @ -46,8 +46,8 @@ func trapSignalsPosix() { | ||||
| 					log.Printf("[ERROR] SIGQUIT stop: %v", err) | ||||
| 					exitCode = 3 | ||||
| 				} | ||||
| 				if PidFile != "" { | ||||
| 					os.Remove(PidFile) | ||||
| 				for _, f := range OnProcessExit { | ||||
| 					f() // only perform important cleanup actions | ||||
| 				} | ||||
| 				os.Exit(exitCode) | ||||
| 
 | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user