Store certificates in /var/lib/tlstunnel by default
parent
cef64c51d6
commit
fd46214036
4
Makefile
4
Makefile
|
@ -9,9 +9,11 @@ PREFIX = /usr/local
|
|||
BINDIR = $(PREFIX)/bin
|
||||
MANDIR = $(PREFIX)/share/man
|
||||
SYSCONFDIR = /etc
|
||||
SHAREDSTATEDIR = /var/lib
|
||||
|
||||
goflags = $(GOFLAGS) \
|
||||
-ldflags="-X 'main.configPath=$(SYSCONFDIR)/tlstunnel/config'"
|
||||
-ldflags="-X main.configPath='$(SYSCONFDIR)/tlstunnel/config' \
|
||||
-X main.certDataPath='$(SHAREDSTATEDIR)/tlstunnel'"
|
||||
|
||||
all: tlstunnel tlstunnel.1
|
||||
|
||||
|
|
|
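Review bot: The single quotes in the new `-X` operands (the `-ldflags=` line and the `-X main.certDataPath=` line) look like they end up inside the linker values rather than around them: the go tool splits the `-ldflags` string into fields honouring quotes only at the start of a field, so as far as I can tell `main.configPath` would become `'/etc/tlstunnel/config'` with literal quotes, and the binary would then look for a non-existent config file and store private keys under a quoted directory name. The previous form quoted the whole `-X` operand, which is also what keeps a `$(PREFIX)` containing spaces intact; keep that shape: `-ldflags="-X 'main.configPath=$(SYSCONFDIR)/tlstunnel/config' \` followed by `-X 'main.certDataPath=$(SHAREDSTATEDIR)/tlstunnel'"`. Worth confirming with `go build -x` or `go version -m` on the built binary before this ships.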
@ -5,9 +5,13 @@ import (
|
|||
"log"
|
||||
|
||||
"git.sr.ht/~emersion/tlstunnel"
|
||||
"github.com/caddyserver/certmagic"
|
||||
)
|
||||
|
||||
var configPath = "config"
|
||||
var (
|
||||
configPath = "config"
|
||||
certDataPath = ""
|
||||
)
|
||||
|
||||
func main() {
|
||||
flag.StringVar(&configPath, "config", configPath, "path to configuration file")
|
||||
|
@ -20,6 +24,10 @@ func main() {
|
|||
|
||||
srv := tlstunnel.NewServer()
|
||||
|
||||
if certDataPath != "" {
|
||||
srv.ACMEConfig.Storage = &certmagic.FileStorage{Path: certDataPath}
|
||||
}
|
||||
|
||||
if err := srv.Load(cfg); err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
|
|
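Review bot: `certDataPath` (the new `var (` block) is the directory that will hold the ACME account key and every issued certificate's private key, and nothing in the hunk documents that or says what happens when it is left empty, which is the case for a plain `go build` without the Makefile's `-ldflags`. I would add `// certDataPath is where certmagic keeps ACME account keys, certificates and private keys; set at build time via -X, empty means certmagic's default storage location.` above the declaration. Because this is private-key material, packaging should create `/var/lib/tlstunnel` owned by the service user with mode 0700 rather than leaving it to a process that may be running as root for port 443; I believe certmagic's `FileStorage` creates missing directories itself, but I have not verified the modes from here. Unlike `configPath` there is no flag to override the build-time value, so if that is intentional a one-line comment saying so would save the next reader from adding one. `main` continues past the end of the hunk.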
@ -17,8 +17,7 @@ type Server struct {
|
|||
Frontends []*Frontend
|
||||
ManagedNames []string
|
||||
ACMEManager *certmagic.ACMEManager
|
||||
|
||||
certmagic *certmagic.Config
|
||||
ACMEConfig *certmagic.Config
|
||||
}
|
||||
|
||||
func NewServer() *Server {
|
||||
|
@ -34,7 +33,7 @@ func NewServer() *Server {
|
|||
return &Server{
|
||||
Listeners: make(map[string]*Listener),
|
||||
ACMEManager: mgr,
|
||||
certmagic: cfg,
|
||||
ACMEConfig: cfg,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -53,7 +52,7 @@ func (srv *Server) RegisterListener(addr string) *Listener {
|
|||
}
|
||||
|
||||
func (srv *Server) Start() error {
|
||||
if err := srv.certmagic.ManageAsync(context.Background(), srv.ManagedNames); err != nil {
|
||||
if err := srv.ACMEConfig.ManageAsync(context.Background(), srv.ManagedNames); err != nil {
|
||||
return fmt.Errorf("failed to manage TLS certificates: %v", err)
|
||||
}
|
||||
|
||||
|
@ -122,7 +121,7 @@ func (ln *Listener) handle(conn net.Conn) error {
|
|||
defer conn.Close()
|
||||
|
||||
// TODO: setup timeouts
|
||||
tlsConn := tls.Server(conn, ln.Server.certmagic.TLSConfig())
|
||||
tlsConn := tls.Server(conn, ln.Server.ACMEConfig.TLSConfig())
|
||||
if err := tlsConn.Handshake(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
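Review bot: `ACMEConfig` is now an exported, mutable field (the `type Server struct` hunk) that `Start` and `Listener.handle` read directly, but it has no doc comment stating when it may be set. Add `// ACMEConfig is the certmagic configuration used both for ACME issuance and for the TLS handshake; its Storage and other fields must be set before Start.` above the field. Replacing fields after `Start` would race with `ManageAsync` and with the per-connection `TLSConfig()` call in `handle`, as far as these hunks show; a short sentence in the comment is enough if "configure before Start" is the intended contract. `handle` continues outside the hunk.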