fix: regenerate TLS cert when services change (hot-reload via ArcSwap)

HTTPS proxy certs were generated once at startup. Services added at runtime via API or LAN discovery got "not secure" in the browser because their SAN wasn't in the cert. Now the cert is regenerated on every service add/remove and swapped atomically via ArcSwap. In-flight connections are unaffected. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 16:14:06 +02:00
parent 9e07064c94
commit e0c1997056
9 changed files with 108 additions and 35 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -27,3 +27,4 @@ rcgen = { version = "0.13", features = ["pem", "x509-parser"] }
 time = "0.3"
 rustls = "0.23"
 tokio-rustls = "0.26"
+arc-swap = "1"