feat: Zero-downtime certificate management via Runtime API

Changes:
- Replace USR2 signal reload with HAProxy Runtime API for cert updates
  - new ssl cert → set ssl cert → commit ssl cert
  - No connection drops during certificate changes
- Add certificates.json for persistence (domain list only)
- Add haproxy_load_cert tool for manual certificate loading
- Auto-restore certificates on MCP startup
- Update startup sequence to load both servers and certificates

certificates.json format:
{
  "domains": ["inouter.com", "anvil.it.com"]
}

Paths derived from convention:
- Host: /opt/haproxy/certs/{domain}.pem
- Container: /etc/haproxy/certs/{domain}.pem

Total MCP tools: 28 → 29

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
kaffa
2026-02-02 04:23:28 +00:00
parent 7ebe204f89
commit 79254835e9
4 changed files with 292 additions and 53 deletions
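
The commit message above derives certificate paths from each domain and pushes them through `new ssl cert` → `set ssl cert` → `commit ssl cert`. The sketch below is an added example, not code from this commit: it validates entries from `certificates.json` before they reach a path or a Runtime API command, and builds the three commands without opening a socket. The function names, the lowercase-only hostname rule and the sample PEM are assumptions made for illustration.

```python
import json
import re

CONTAINER_CERT_DIR = "/etc/haproxy/certs"  # container path convention from the commit message

# Plain DNS hostname: two or more dot-separated labels, lowercase LDH only (assumed policy).
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")

# Constructed placeholder bundle (not a real certificate or key), with a blank line inside.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    "\n"
    "-----BEGIN PRIVATE KEY-----\nBBBB\n-----END PRIVATE KEY-----\n"
)


def validate_domain(domain):
    """Return domain unchanged if it is a plain hostname, else raise ValueError."""
    # fullmatch rejects '/', '..', spaces and newlines, so the value cannot
    # leave the certs directory or smuggle a second Runtime API command.
    if not isinstance(domain, str) or len(domain) > 253 or not _HOSTNAME.fullmatch(domain):
        raise ValueError(f"not a plain hostname: {domain!r}")
    return domain


def load_domains(json_text):
    """Parse certificates.json text and return its validated domain list."""
    data = json.loads(json_text)
    if not isinstance(data, dict) or not isinstance(data.get("domains"), list):
        raise ValueError("expected an object with a 'domains' list")
    return [validate_domain(d) for d in data["domains"]]


def runtime_commands(domain, pem_text):
    """Return the new/set/commit command strings for one certificate, in order."""
    path = f"{CONTAINER_CERT_DIR}/{validate_domain(domain)}.pem"
    # The '<<' payload ends at the first empty line, so blank lines inside the
    # PEM bundle are dropped; otherwise HAProxy would see a truncated bundle.
    body = "\n".join(line for line in pem_text.splitlines() if line.strip())
    return [
        f"new ssl cert {path}\n",
        f"set ssl cert {path} <<\n{body}\n\n",
        f"commit ssl cert {path}\n",
    ]
```

Each returned string is one command to write to the HAProxy stats socket; the response to each should be checked before sending the next.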

conf/certificates.json Normal file

@@ -0,0 +1,7 @@
{
"domains": [
"actions.it.com",
"anvil.it.com",
"inouter.com"
]
}
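
Review bot: the three entries under "domains" are deployment-specific hostnames committed into conf/certificates.json, a file the commit message says is used for persistence; tracking live state in the repository means a certificate added at runtime dirties the working tree and a checkout can replace the running list. Consider committing an empty "domains" list (or a certificates.json.example) and ignoring the live file. Separately, since each entry is interpolated into /opt/haproxy/certs/{domain}.pem and into Runtime API commands, please confirm the loader rejects entries that are not plain hostnames; that code is not visible in this hunk.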