Skip to content

tiproxy: add note about reloading certificates once an hour (#22138) #22162

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ti-chi-bot wants to merge 1 commit into
base: release-8.5
Choose a base branch
from
+9 −0
Open

tiproxy: add note about reloading certificates once an hour (#22138) #22162

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions enable-tls-between-components.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -242,6 +242,11 @@ After configuring TLS for communication between TiDB components, you can use the
## Reload certificates

- If your TiDB cluster is deployed in a local data center, to reload the certificates and keys, TiDB, PD, TiKV, TiFlash, TiCDC, and all kinds of clients reread the current certificates and key files each time a new connection is created, without restarting the TiDB cluster.
<<<<<<< HEAD
=======

- TiProxy reloads certificates from disk once an hour.
>>>>>>> 9cff933fa3 (tiproxy: add note about reloading certificates once an hour (#22138))
Comment on lines +245 to +249
Copy link

@gemini-code-assist gemini-code-assist bot Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

This file contains merge conflict markers (<<<<<<<, =======, >>>>>>>). Please resolve these conflicts to ensure the document renders correctly.

Suggested change
<<<<<<< HEAD
=======
- TiProxy reloads certificates from disk once an hour.
>>>>>>> 9cff933fa3 (tiproxy: add note about reloading certificates once an hour (#22138))
- TiProxy reloads certificates from disk once an hour.


- If your TiDB cluster is deployed on your own managed cloud, make sure that the issuance of TLS certificates is integrated with the certificate management service of the cloud provider. The TLS certificates of the TiDB, PD, TiKV, TiFlash, and TiCDC components can be automatically rotated without restarting the TiDB cluster.

Expand Down
4 changes: 4 additions & 0 deletions tiproxy/tiproxy-configuration.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -214,6 +214,10 @@ Starting from v1.3.1, TiProxy supports configuring multiple virtual IP addresses

### security

> **Note:**
>
> TiProxy reloads certificates from disk once an hour. Therefore, any changes that you make to certificate files on disk can take up to one hour to take effect.

There are four TLS objects in the `[security]` section with different names. They share the same configuration format and fields, but they are interpreted differently depending on their names.

```toml
Expand Down