refactor(proxy): Make TLS certificate watch interval configurable (#9513)

EnableAsync · web-flow · commit c3c4101b4cd6 · 2025-07-02T09:59:51.000+08:00
refactor(proxy): Make TLS certificate watch interval configurable
diff --git a/proxy/src/main/java/org/apache/rocketmq/proxy/config/ProxyConfig.java b/proxy/src/main/java/org/apache/rocketmq/proxy/config/ProxyConfig.java
@@ -83,6 +83,7 @@ public class ProxyConfig implements ConfigFile {
     private boolean tlsTestModeEnable = true;
     private String tlsKeyPath = ConfigurationManager.getProxyHome() + "/conf/tls/rocketmq.key";
     private String tlsCertPath = ConfigurationManager.getProxyHome() + "/conf/tls/rocketmq.crt";
+    private int tlsCertWatchIntervalMs = 60 * 60 * 1000; // 1 hour
     /**
      * gRPC
      */
@@ -325,6 +326,14 @@ public void parseDelayLevel() {
         }
     }
 
+    public int getTlsCertWatchIntervalMs() {
+        return tlsCertWatchIntervalMs;
+    }
+
+    public void setTlsCertWatchIntervalMs(int tlsCertWatchIntervalMs) {
+        this.tlsCertWatchIntervalMs = tlsCertWatchIntervalMs;
+    }
+
     public String getRocketMQClusterName() {
         return rocketMQClusterName;
     }
diff --git a/proxy/src/main/java/org/apache/rocketmq/proxy/service/cert/TlsCertificateManager.java b/proxy/src/main/java/org/apache/rocketmq/proxy/service/cert/TlsCertificateManager.java
@@ -15,6 +15,7 @@
  * limitations under the License.
  */
 package org.apache.rocketmq.proxy.service.cert;
+
 import org.apache.rocketmq.common.constant.LoggerName;
 import org.apache.rocketmq.common.utils.StartAndShutdown;
 import org.apache.rocketmq.logging.org.slf4j.Logger;
@@ -39,7 +40,7 @@ public TlsCertificateManager() {
                     ConfigurationManager.getProxyConfig().getTlsKeyPath()
                 },
                 new CertKeyFileWatchListener(),
-                60 * 60 * 1000 /* 1 hour */
+                ConfigurationManager.getProxyConfig().getTlsCertWatchIntervalMs()
             );
         } catch (Exception e) {
             log.error("Failed to initialize TLS certificate watch service", e);
@@ -107,7 +108,7 @@ private void notifyContextReload() {
             for (TlsContextReloadListener listener : reloadListeners) {
                 try {
                     listener.onTlsContextReload();
-                } catch (Exception e) {
+                } catch (Throwable e) {
                     log.error("Failed to notify TLS context reload to listener: " + listener, e);
                 }
             }
