diff --git a/Makefile b/Makefile
index b5de429..c284d57 100644
--- a/Makefile
+++ b/Makefile
@@ -9,9 +9,11 @@ PREFIX = /usr/local
 BINDIR = $(PREFIX)/bin
 MANDIR = $(PREFIX)/share/man
 SYSCONFDIR = /etc
+SHAREDSTATEDIR = /var/lib
 
 goflags = $(GOFLAGS) \
-	-ldflags="-X 'main.configPath=$(SYSCONFDIR)/tlstunnel/config'"
+	-ldflags="-X main.configPath='$(SYSCONFDIR)/tlstunnel/config' \
+	-X main.certDataPath='$(SHAREDSTATEDIR)/tlstunnel'"
 
 all: tlstunnel tlstunnel.1
 
diff --git a/cmd/tlstunnel/main.go b/cmd/tlstunnel/main.go
index 94cbd0b..5d3f2b6 100644
--- a/cmd/tlstunnel/main.go
+++ b/cmd/tlstunnel/main.go
@@ -5,9 +5,13 @@ import (
 	"log"
 
 	"git.sr.ht/~emersion/tlstunnel"
+	"github.com/caddyserver/certmagic"
 )
 
-var configPath = "config"
+var (
+	configPath = "config"
+	certDataPath = ""
+)
 
 func main() {
 	flag.StringVar(&configPath, "config", configPath, "path to configuration file")
@@ -20,6 +24,10 @@ func main() {
 
 	srv := tlstunnel.NewServer()
 
+	if certDataPath != "" {
+		srv.ACMEConfig.Storage = &certmagic.FileStorage{Path: certDataPath}
+	}
+
 	if err := srv.Load(cfg); err != nil {
 		log.Fatal(err)
 	}
diff --git a/server.go b/server.go
index 590dd25..40c9854 100644
--- a/server.go
+++ b/server.go
@@ -17,8 +17,7 @@ type Server struct {
 	Frontends []*Frontend
 	ManagedNames []string
 	ACMEManager *certmagic.ACMEManager
-
-	certmagic *certmagic.Config
+	ACMEConfig *certmagic.Config
 }
 
 func NewServer() *Server {
@@ -34,7 +33,7 @@ func NewServer() *Server {
 	return &Server{
 		Listeners: make(map[string]*Listener),
 		ACMEManager: mgr,
-		certmagic: cfg,
+		ACMEConfig: cfg,
 	}
 }
 
@@ -53,7 +52,7 @@ func (srv *Server) RegisterListener(addr string) *Listener {
 }
 
 func (srv *Server) Start() error {
-	if err := srv.certmagic.ManageAsync(context.Background(), srv.ManagedNames); err != nil {
+	if err := srv.ACMEConfig.ManageAsync(context.Background(), srv.ManagedNames); err != nil {
 		return fmt.Errorf("failed to manage TLS certificates: %v", err)
 	}
 
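Review bot: The new `main.certDataPath` default bakes `$(SHAREDSTATEDIR)/tlstunnel` into the binary, but nothing in this hunk creates that directory or fixes its ownership, and the install target is outside the hunk so I cannot see whether it does. Since this path is handed to certmagic's FileStorage in main.go, it is where certmagic keeps ACME account keys and certificate private keys, so it should exist before first start, be owned by the user tlstunnel runs as, and not be readable by other accounts. If the install target does not already do so, an `install -d -m 0700 $(SHAREDSTATEDIR)/tlstunnel` there, or a note in the README/man page about creating it, would close that gap.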
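Review bot: `certDataPath` can only be set at link time, whereas `configPath` right next to it is also exposed through the `-config` flag registered in main (visible in this hunk's trailing context), so anyone building with plain `go build` or wanting a different state directory has no way to set it without relinking. For parity, `flag.StringVar(&certDataPath, "cert-data", certDataPath, "directory for ACME account and certificate data")` next to the existing `-config` registration would keep both paths configurable the same way. The new var block would also read better with a comment on the empty default, e.g. `// certDataPath is the certmagic storage directory; empty leaves ACMEConfig.Storage as NewServer set it up.`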
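Review bot: The assignment to `srv.ACMEConfig.Storage` happens after `NewServer` has already built the `ACMEManager` from what is presumably the same `*certmagic.Config` (the server.go hunk shows both stored from `mgr` and `cfg`), so it relies on certmagic reading `Storage` lazily at `ManageAsync`/handshake time rather than capturing it at construction; that matches the certmagic behaviour I know, but a one-line comment would stop a future reorder from silently dropping the override, e.g. `// Must run before srv.Start: certmagic consults Storage when ManageAsync is called.` It would also help to state in the same comment that the directory receives private key material and is created by certmagic with its own mode if absent (confirm the mode against the vendored certmagic version), so operators know to pre-create it with restrictive permissions.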
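Review bot: `ACMEConfig` becomes part of `Server`'s exported API but carries no doc comment, and the same rename is applied without one in the `NewServer` and `Start` hunks below and in the `handle` hunk of server.go. Since `Start` (third server.go hunk) passes it to `ManageAsync` and `handle` derives the per-connection `tls.Config` from it, callers need to know when mutating it is safe; suggest `// ACMEConfig is the certmagic configuration used to obtain and serve managed certificates. Callers may adjust it (for example its Storage) before Start is called.` on the field.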
@@ -122,7 +121,7 @@ func (ln *Listener) handle(conn net.Conn) error {
 	defer conn.Close()
 
 	// TODO: setup timeouts
-	tlsConn := tls.Server(conn, ln.Server.certmagic.TLSConfig())
+	tlsConn := tls.Server(conn, ln.Server.ACMEConfig.TLSConfig())
 	if err := tlsConn.Handshake(); err != nil {
 		return err
 	}