summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-06-09 20:45:04 +0200
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-06-10 08:28:00 +0000
commit734ff5f50fa9e07e519387d504795aa513e1a3b2 (patch)
treef8881bad51a81065a475f7cc5c718672392eed9b
parent2d98f3b17e1146db6362e302d28474fb6f5520e6 (diff)
downloadvyos-1x-734ff5f50fa9e07e519387d504795aa513e1a3b2.tar.gz
vyos-1x-734ff5f50fa9e07e519387d504795aa513e1a3b2.zip
pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s)
The haproxy reverse proxy was not reloaded/restarted with the new SSL certificate(s) after a change in the PKI subsystem. This was due to missing dependencies. (cherry picked from commit 6ce8efdc8dafef67541bed89fc7dc7cd83335bf4)
-rw-r--r--data/config-mode-dependencies/vyos-1x.json1
-rwxr-xr-xsrc/conf_mode/pki.py4
2 files changed, 5 insertions, 0 deletions
diff --git a/data/config-mode-dependencies/vyos-1x.json b/data/config-mode-dependencies/vyos-1x.json
index 13de434bd..20ec12f04 100644
--- a/data/config-mode-dependencies/vyos-1x.json
+++ b/data/config-mode-dependencies/vyos-1x.json
@@ -29,6 +29,7 @@
"https": ["service_https"],
"ipsec": ["vpn_ipsec"],
"openconnect": ["vpn_openconnect"],
+ "reverse_proxy": ["load-balancing_reverse-proxy"],
"rpki": ["protocols_rpki"],
"sstp": ["vpn_sstp"]
},
diff --git a/src/conf_mode/pki.py b/src/conf_mode/pki.py
index 8deec0e85..f37cac524 100755
--- a/src/conf_mode/pki.py
+++ b/src/conf_mode/pki.py
@@ -67,6 +67,10 @@ sync_search = [
'path': ['interfaces', 'sstpc'],
},
{
+ 'keys': ['certificate', 'ca_certificate'],
+ 'path': ['load_balancing', 'reverse_proxy'],
+ },
+ {
'keys': ['key'],
'path': ['protocols', 'rpki', 'cache'],
},