@jedisct1 Hi, I regenerated the cert and restarted the wrapper, but it only works after I restart proxy. How to do a smooth transition?
-
-
Replying to @maciejsoltysiak
@maciejsoltysiak Hi! If your kernel is not too old, you can start the new one before killing the old one. Both can work simultaneously.1 reply 0 retweets 0 likes -
Replying to @jedisct1
@maciejsoltysiak it's using SO_REUSEPORT if available. http://freeprogrammersblog.vhex.net/post/linux-39-introdued-new-way-of-writing-socket-servers/2 …2 replies 0 retweets 0 likes -
Replying to @maciejsoltysiak
@maciejsoltysiak Maybe because the old (and still running) instance didn’t use a version of the proxy setting SO_REUSEPORT?1 reply 0 retweets 0 likes -
Replying to @jedisct1
@jedisct1 It wouldn't work, have a look: https://github.com/pysiak/dnscrypt-wrapper/commit/a9e2157ccf73e9da46f2442ffe6d1e94dd88d01c … - only then it binds.1 reply 0 retweets 0 likes -
Replying to @maciejsoltysiak
@jedisct1 I think after wrapper is restarted with new cert, the client is still assuming previous keys and can't talk to it.1 reply 0 retweets 0 likes -
Replying to @maciejsoltysiak
@maciejsoltysiak Right, clients are not pinned to a specific process :(1 reply 0 retweets 0 likes
@maciejsoltysiak Publish the new certificate now (without removing the old one), and then do the actual rotation.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.