[HTTP Server] support TLS config hot reload via SIGHUP (#171823)
## Summary

Fix #54368

Add support for hot reloading the Kibana server's TLS configuration,
using the same `SIGHUP`-based reload signal, as already implemented for
other parts of the Kibana configuration (e.g. `logging`)

**Note:**
- hot reloading is only supported for the server TLS configuration
(`server.ssl`), not for the whole `server.*` config prefix
- swapping the certificate files (without modifying the kibana config
itself) is supported
- it is not possible to toggle TLS (enabling or disabling) without
restarting Kibana
- hot reloading requires forcing the process to reload its
configuration by sending a `SIGHUP` signal

### Example / how to test

#### Before

```yaml
server.ssl.enabled: true
server.ssl.certificate: /path-to-kibana/packages/kbn-dev-utils/certs/kibana.crt
server.ssl.key: /path-to-kibana/packages/kbn-dev-utils/certs/kibana.key
```

<img width="550" alt="Screenshot 2023-11-23 at 15 11 28"
src="https://github.com/elastic/kibana/assets/1532934/1226d161-a9f2-4d62-a3de-37161829f187">

#### Changing the config

```yaml
server.ssl.enabled: true
server.ssl.certificate: /path-to-kibana/packages/kbn-dev-utils/certs/elasticsearch.crt
server.ssl.key: /path-to-kibana/packages/kbn-dev-utils/certs/elasticsearch.key
```

```bash
kill -SIGHUP {KIBANA_PID}
```

<img width="865" alt="Screenshot 2023-11-23 at 15 18 21"
src="https://github.com/elastic/kibana/assets/1532934/c9412b2e-d70e-4cf0-8eaf-4db70a45af60">

#### After

<img width="547" alt="Screenshot 2023-11-23 at 15 18 43"
src="https://github.com/elastic/kibana/assets/1532934/c839f04f-4adb-456d-a174-4f0ebd5c234c">

## Release notes

It is now possible to hot reload Kibana's TLS (`server.ssl`)
configuration by updating it and then sending a `SIGHUP` signal to the
Kibana process.

Note that TLS cannot be toggled (disabled/enabled) that way, and that
hot reload only works for the TLS configuration, not other properties of
the `server` config prefix.

---------

Co-authored-by: kibanamachine <[email protected]>
pgayvallet and kibanamachine authored Nov 24, 2023
1 parent 8af928e commit 87213e7
Showing 18 changed files with 728 additions and 118 deletions.
@@ -0,0 +1,18 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/

export const setTlsConfigMock = jest.fn();

jest.doMock('@kbn/server-http-tools', () => {
const actual = jest.requireActual('@kbn/server-http-tools');
return {
...actual,
setTlsConfig: setTlsConfigMock,
createServer: jest.fn(actual.createServer),
};
});
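Review bot: `createServer: jest.fn(actual.createServer)` creates a mock that is never exported, unlike `setTlsConfigMock`, so a test that needs to assert on how the server was created has to re-require the mocked module to reach it. Consider exporting it as a named constant next to `setTlsConfigMock`, or dropping the wrapper if no test inspects it. Separately, `jest.doMock` is not hoisted, so this file only takes effect when it is imported before the module under test; a one-line comment above the `jest.doMock` call stating that import-order requirement would keep a later reordering of imports from silently running the real `setTlsConfig`.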