[GH-ISSUE #2946] [Feature Request] Hot reloading TLS certificates in FRPS #2352

Open
opened 2026-05-05 13:30:56 -06:00 by gitea-mirror · 4 comments

Originally created by @splinter98 on GitHub (May 20, 2022).
Original GitHub issue: https://github.com/fatedier/frp/issues/2946

Describe the feature request

Currently in FRPS, TLS certificates are only loaded during the initialisation of the server, so if the signed certificate expires or is replaced, FRPS needs to be restarted, which will break any client connections.

Looking at how other programs handle this, there seem to be two main approaches:

  1. Catch any SIGHUP signals sent to the FRPS process and reload the certificate
  2. Watch the files and reload the files when they change

The former seemed simpler to implement, so I have a working version at splinter98/frp (https://github.com/splinter98/frp/tree/ssh-renewal) on the ssh-renewal branch.

Describe alternatives you've considered

I've also considered implementing the file monitoring approach, but this would introduce another 3rd party library dependency.

Affected area

  • [ ] Docs
  • [ ] Installation
  • [ ] Performance and Scalability
  • [X] Security
  • [X] User Experience
  • [ ] Test and Release
  • [ ] Developer Infrastructure
  • [ ] Client Plugin
  • [X] Server Plugin
  • [ ] Extensions
  • [ ] Others
gitea-mirror added the proposal label 2026-05-05 13:30:56 -06:00
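A sketch of the SIGHUP approach from the request above, added here as an example; it is not frp's code and is not taken from the ssh-renewal branch. The `Reloader` type, the file paths and the loopback address are assumptions, and a `net/http` server stands in for the frps listener.

```go
package main

import (
	"crypto/tls"
	"log"
	"net/http"
	"os"
	"os/signal"
	"sync/atomic"
	"syscall"
)

const certFile, keyFile = "server.crt", "server.key" // placeholder paths (assumption)

// Reloader (hypothetical name, not frp's) serves whichever certificate loaded last.
type Reloader struct {
	Load func() (tls.Certificate, error) // normally wraps tls.LoadX509KeyPair
	cur  atomic.Pointer[tls.Certificate]
}

// Reload swaps the certificate in only if Load succeeds, so a failed or
// half-written renewal leaves the previous certificate in service.
func (r *Reloader) Reload() error {
	c, err := r.Load()
	if err == nil {
		r.cur.Store(&c)
	}
	return err
}

// Get is the tls.Config.GetCertificate hook: it runs per handshake, so only
// new connections see a reload and established ones are not interrupted.
func (r *Reloader) Get(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return r.cur.Load(), nil
}

func main() { // after renewing the files on disk: kill -HUP <pid>
	r := &Reloader{Load: func() (tls.Certificate, error) { return tls.LoadX509KeyPair(certFile, keyFile) }}
	if err := r.Reload(); err != nil {
		log.Fatal(err) // no usable certificate at startup is fatal; later failures are not
	}
	hup := make(chan os.Signal, 1)
	signal.Notify(hup, syscall.SIGHUP)
	go func() {
		for range hup {
			if err := r.Reload(); err != nil {
				log.Printf("reload failed, keeping previous certificate: %v", err)
			}
		}
	}()
	srv := &http.Server{Addr: "127.0.0.1:7443", TLSConfig: &tls.Config{GetCertificate: r.Get}}
	log.Fatal(srv.ListenAndServeTLS("", "")) // empty paths: GetCertificate supplies the pair
}
```

Logging every failed reload matters operationally: a renewal that silently fails to load leaves the old certificate serving until it expires.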

@keliansb commented on GitHub (Aug 20, 2024):

Would love to see this feature implemented!


@srekkas commented on GitHub (Apr 3, 2025):

Hi.

We need it too. I am testing if frps/c reloads certificates right now.


@srekkas commented on GitHub (Apr 29, 2025):

Yep, it won't reload certificates. We use cert-manager to generate certificates, and some automatic reload is a must for both frps and frpc.

We can implement a sidecar for frpc which watches certificates and queries the config reload API, if it will reload certificates.
But what about frps? I do not want to use an external watcher and reload the frps pod, additional config, updates etc...


@srekkas commented on GitHub (Feb 5, 2026):

Hi, can it be done :)

Reference: github-starred/frp#2352