PHP/Swoole Http Server - how can I dynamically load ssl?

Question

I need load different ssl certificates on the fly, on process request. I try do it like in code below, but server still loading cert1 certificate on handling request, not cert2 as I trying to do in code.

How can I dynamically reload different certificates on the fly? Is it possible?

Code example:

<?php

require 'vendor/autoload.php';


$server = new swoole_http_server("192.168.10.10", 443, SWOOLE_BASE, SWOOLE_SOCK_TCP | SWOOLE_SSL);

// setup the location of ssl cert files and key files
$ssl_dir = __DIR__.'/ssl_certs';
$server->set([
    'max_conn'           => 500,
    'daemonize'          => false,
    'dispatch_mode'      => 2,
    'buffer_output_size' => 2 * 1024 * 1024,
    'ssl_cert_file' => $ssl_dir . '/cert1.local.crt',
    'ssl_key_file' => $ssl_dir . '/cert1.local.key',
    'open_http2_protocol' => true, // Enable HTTP2 protocol
]);

$server->on('request', function ($request, $response) use ($server) {
    $server->set([
        'ssl_cert_file' => $ssl_dir . '/cert2.local.crt',
        'ssl_key_file' => $ssl_dir . '/cert2.local.key',
    ]);
    $response->end("<h1>Hello World. #".rand(1000, 9999)."</h1>");
});

$server->start();

score 2 · Answer 1 · answered Oct 10 '19 at 13:10

Unfortunately you can't change $server configuration on the fly.

An option is to run Swoole server on multiple ports with different settings:

$port1 = $server->listen("127.0.0.1", 9501, SWOOLE_SOCK_TCP | SWOOLE_SSL);
$port2 = $server->listen("127.0.0.1", 9502, SWOOLE_SOCK_TCP | SWOOLE_SSL);

$port1->set([
    'open_eof_split' => true,
    'package_eof' => "\r\n",
    'ssl_cert_file' => 'ssl1.cert',
    'ssl_key_file' => 'ssl1.key',
]);

$port2->set([
    'open_eof_split' => true,
    'package_eof' => "\r\n",
    'ssl_cert_file' => 'ssl2.cert',
    'ssl_key_file' => 'ssl2.key',
]);

After that you can create different rules for different URIs in Nginx to handle the traffic and redirect it to the properly Swoole port.

score 1 · Answer 2 · answered Apr 14 '20 at 03:42

1

Do you just need multiple certificates to provide SSL for different domain names?

If that is the case, you could just host multiple domains in a single certificate. That would remove the requirement to switch certificates.

answered Apr 14 '20 at 03:42

Phippsy

221
2
3

PHP/Swoole Http Server - how can I dynamically load ssl?

2 Answers2