Store certificates in /var/lib/tlstunnel by default

This commit is contained in:
Simon Ser 2020-09-10 23:33:09 +02:00
parent cef64c51d6
commit fd46214036
No known key found for this signature in database
GPG Key ID: 0FDE7BE0E88F5E48
3 changed files with 16 additions and 7 deletions


@ -9,9 +9,11 @@ PREFIX = /usr/local
BINDIR = $(PREFIX)/bin BINDIR = $(PREFIX)/bin
MANDIR = $(PREFIX)/share/man MANDIR = $(PREFIX)/share/man
SYSCONFDIR = /etc SYSCONFDIR = /etc
SHAREDSTATEDIR = /var/lib
goflags = $(GOFLAGS) \ goflags = $(GOFLAGS) \
-ldflags="-X 'main.configPath=$(SYSCONFDIR)/tlstunnel/config'" -ldflags="-X main.configPath='$(SYSCONFDIR)/tlstunnel/config' \
-X main.certDataPath='$(SHAREDSTATEDIR)/tlstunnel'"
all: tlstunnel tlstunnel.1 all: tlstunnel tlstunnel.1
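Review bot: The quote placement on the rewritten -ldflags line most likely embeds literal single quotes in both variables: Go's -ldflags splitter only honours quotes that enclose a whole field, so after the shell strips the outer double quotes the field `main.configPath='$(SYSCONFDIR)/tlstunnel/config'` sets configPath to a value that starts and ends with `'`, and the new certDataPath line has the same shape. The previous form quoted the whole -X argument, which is the shape to keep for both: `-ldflags="-X 'main.configPath=$(SYSCONFDIR)/tlstunnel/config' \` followed by `-X 'main.certDataPath=$(SHAREDSTATEDIR)/tlstunnel'"`. This assumes the recipe that consumes $(goflags) passes it through the shell as usual; a quick check of the built binary's effective config path would confirm it, since a quoted configPath means the default config file is never found.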


@ -5,9 +5,13 @@ import (
"log" "log"
"git.sr.ht/~emersion/tlstunnel" "git.sr.ht/~emersion/tlstunnel"
"github.com/caddyserver/certmagic"
) )
var configPath = "config" var (
configPath = "config"
certDataPath = ""
)
func main() { func main() {
flag.StringVar(&configPath, "config", configPath, "path to configuration file") flag.StringVar(&configPath, "config", configPath, "path to configuration file")
@ -20,6 +24,10 @@ func main() {
srv := tlstunnel.NewServer() srv := tlstunnel.NewServer()
if certDataPath != "" {
srv.ACMEConfig.Storage = &certmagic.FileStorage{Path: certDataPath}
}
if err := srv.Load(cfg); err != nil { if err := srv.Load(cfg); err != nil {
log.Fatal(err) log.Fatal(err)
} }
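Review bot: The new certDataPath in the var block is a link-time knob with no doc comment, while its sibling configPath is at least described by its flag; a comment such as `// certDataPath is the certmagic storage directory, set at link time via -X; when empty the storage chosen by NewServer is left untouched.` would explain the empty-string check added before srv.Load. Unlike -config there is no flag to override it at runtime, so if that asymmetry is intentional the comment should say so. Since this directory is where certmagic keeps the issued certificates and, presumably, their private keys, it is worth confirming that whatever creates it keeps it private to the service user rather than relying on the default umask.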


@ -17,8 +17,7 @@ type Server struct {
Frontends []*Frontend Frontends []*Frontend
ManagedNames []string ManagedNames []string
ACMEManager *certmagic.ACMEManager ACMEManager *certmagic.ACMEManager
ACMEConfig *certmagic.Config
certmagic *certmagic.Config
} }
func NewServer() *Server { func NewServer() *Server {
@ -34,7 +33,7 @@ func NewServer() *Server {
return &Server{ return &Server{
Listeners: make(map[string]*Listener), Listeners: make(map[string]*Listener),
ACMEManager: mgr, ACMEManager: mgr,
certmagic: cfg, ACMEConfig: cfg,
} }
} }
@ -53,7 +52,7 @@ func (srv *Server) RegisterListener(addr string) *Listener {
} }
func (srv *Server) Start() error { func (srv *Server) Start() error {
if err := srv.certmagic.ManageAsync(context.Background(), srv.ManagedNames); err != nil { if err := srv.ACMEConfig.ManageAsync(context.Background(), srv.ManagedNames); err != nil {
return fmt.Errorf("failed to manage TLS certificates: %v", err) return fmt.Errorf("failed to manage TLS certificates: %v", err)
} }
@ -122,7 +121,7 @@ func (ln *Listener) handle(conn net.Conn) error {
defer conn.Close() defer conn.Close()
// TODO: setup timeouts // TODO: setup timeouts
tlsConn := tls.Server(conn, ln.Server.certmagic.TLSConfig()) tlsConn := tls.Server(conn, ln.Server.ACMEConfig.TLSConfig())
if err := tlsConn.Handshake(); err != nil { if err := tlsConn.Handshake(); err != nil {
return err return err
} }
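Review bot: ACMEConfig becomes an exported field of Server without a doc comment, and both Start and Listener.handle dereference it without a nil check, so a caller that leaves or sets it nil gets a panic instead of an error. A comment like `// ACMEConfig is the certmagic configuration used by Start to manage certificates and by listeners to build the TLS handshake config; it must be non-nil.` states the contract, and a guard at the top of Start such as `if srv.ACMEConfig == nil { return fmt.Errorf("ACMEConfig is nil") }` makes it explicit before ManageAsync is called. The bodies of Start and handle continue outside the hunk.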