minus
4548a7fe65
Add config reloading
...
Instead of updating the configuration, we configure a new Server instance and
then migrate Listeners that still exist to it. Open client connections are
left completely untouched.
Closes https://todo.sr.ht/~emersion/tlstunnel/1
2021-01-07 16:35:03 +01:00
minus
09d28676a6
Remove unused Server reference
2020-12-11 11:50:47 +01:00
Simon Ser
d2dffca48f
go fmt
2020-12-08 17:03:58 +01:00
Simon Ser
e8f71081cb
Add support for ALPN
...
Closes: https://todo.sr.ht/~emersion/tlstunnel/11
2020-11-09 20:33:00 +01:00
Simon Ser
64285842fe
Revert "readme: fix issue tracker link"
...
This reverts commit 30dc7be08e
.
This commit contains WIP changes committed by mistake.
2020-11-06 16:36:47 +01:00
minus
26d1574702
Fix Unix socket backend config
2020-11-06 16:35:06 +01:00
Simon Ser
30dc7be08e
readme: fix issue tracker link
2020-11-05 17:36:07 +01:00
Simon Ser
dab2eb4449
readme: add contributing section
2020-11-05 17:01:55 +01:00
Simon Ser
7b0912cf3c
Add support for TLS backends
...
Closes: https://todo.sr.ht/~emersion/tlstunnel/6
2020-10-31 10:34:02 +01:00
Simon Ser
43f434be84
Update to go-proxyproto v0.3.0
2020-10-29 14:21:03 +01:00
Simon Ser
4684feb935
Move ACME logger setup to cmd/tlstunnel
...
This will allow us to customize the logger options depending on CLI
flags.
2020-10-28 12:09:30 +01:00
delthas
55fdebc9b7
Enable certmagic logging
2020-10-28 11:53:01 +01:00
Simon Ser
e532059dfa
Drop TODO regarding ACME HTTP challenges
2020-10-21 15:24:25 +02:00
Simon Ser
b5b6bba5e4
Add "tls load" frontend directive
2020-10-19 17:27:29 +02:00
Simon Ser
a2bf967da7
Switch to scfg
...
And we get nested blocks for free.
2020-10-19 16:47:50 +02:00
Simon Ser
aae358811d
Set PROXY protocol PP2_TYPE_SSL
2020-10-09 14:45:55 +02:00
Simon Ser
1f16053334
Set PROXY protocol PP2_TYPE_AUTHORITY TLV
2020-10-09 12:21:19 +02:00
Simon Ser
79e331e8c2
Use upstream proxyproto.HeaderProxyFromAddrs
2020-10-09 12:05:22 +02:00
Hubert Hirtz
3825cdccff
Add the "tls.email" directive
...
To receive expiration warnings from Let's Encrypt.
2020-10-08 19:07:11 +02:00
Simon Ser
86f5946603
man: fix acme_ca directive name
...
Fixes: e2f4dddfef
("Change `tls ca` to `tls acme_ca`")
2020-09-15 09:44:57 +02:00
Simon Ser
660ff81d32
man: add a "files" section
2020-09-15 09:42:12 +02:00
Simon Ser
839af3072c
Update certmagic to fix ALPN protocols
...
A recent certmagic commit [1] removes the assumption that tlstunnel will
proxy HTTP 1.1 and 2 traffic.
[1]: 3e4c11b75f
2020-09-14 21:37:24 +02:00
Simon Ser
245b626e64
build: fix quoting typo
...
Quoting after the equal sign isn't recognized by the Go toolchain
somehow...
2020-09-13 15:50:46 +02:00
delthas
b19939408c
Add support for wildcard server names in frontend directives
...
This adds support for matching incoming TLS connections to the
corresponding frontend when the frontend has a wildcard server name.
This does not add support for generating wildcard certificates from
Let's Encrypt, which requires DNS challenges.
2020-09-13 10:14:28 +02:00
Simon Ser
18dd507ea5
Don't try to guess listening address
...
Always listen on all hosts. Only use the host part of a frontend
address for TLS cert names.
Customizing the listen host will be better done with a `bind`
directive, like Caddy does.
2020-09-12 13:41:11 +02:00
Simon Ser
fd46214036
Store certificates in /var/lib/tlstunnel by default
2020-09-10 23:33:09 +02:00
Simon Ser
cef64c51d6
build: fix clean target not removing man page
2020-09-10 23:31:40 +02:00
Simon Ser
399cf88146
build: use SYSCONFDIR for default config path
2020-09-10 23:22:48 +02:00
Simon Ser
51785ebdf0
build: simplify Makefile paths
2020-09-10 23:17:52 +02:00
Simon Ser
2fdea9d4ed
Move back directive processing to tlstunnel package
2020-09-10 15:05:43 +02:00
Simon Ser
ec2a768909
Move executable to cmd/tlstunnel
...
This allows us to expose the toplevel tlstunnel package.
2020-09-10 14:49:59 +02:00
Simon Ser
6ec8fd1f15
Export Server.acmeManager
2020-09-10 14:37:59 +02:00
Simon Ser
6608aaf865
Rename Parse and Load to {Parse,Load}Config
2020-09-10 14:35:41 +02:00
Simon Ser
0dd852183a
ci: add .build.yml
2020-09-09 16:13:35 +02:00
Simon Ser
b14c97724b
readme: add link to sr.ht project
2020-09-09 16:09:18 +02:00
Simon Ser
748c966d44
Add Makefile
2020-09-09 15:13:57 +02:00
Simon Ser
5d422977df
Add man page
2020-09-09 15:13:39 +02:00
Simon Ser
e2f4dddfef
Change `tls ca` to `tls acme_ca`
...
Make it clear it's about ACME.
2020-09-09 15:08:50 +02:00
Simon Ser
e3ac31414f
Add support for the PROXY protocol
2020-09-09 14:52:41 +02:00
Simon Ser
f64eb89cee
Add -config flag
2020-09-09 14:17:27 +02:00
Simon Ser
9aefd1937d
readme: add basic example config
2020-09-09 14:13:04 +02:00
Simon Ser
137be93297
Add `tls ca` directive
2020-09-09 14:08:20 +02:00
Simon Ser
6ac58fe450
Don't add empty strings to list of managed certificates
2020-09-09 13:39:07 +02:00
Simon Ser
f4d13a4101
Remove listen directive
...
The name is misleading, because we're doing some magic to figure out
what server name to obtain a certificate for. In other words,
`listen example.org:443` would actually listen without binding to a
particular IP address (same as `listen :443`).
2020-09-09 13:18:18 +02:00
Simon Ser
758cac1f77
Allow to route to different backend depending on SNI
2020-09-09 13:15:03 +02:00
Simon Ser
728c5fcf17
Fix empty name in config block directive
2020-09-09 13:05:00 +02:00
Simon Ser
8d2b9202b5
Require frontend blocks to have the name "frontend"
...
This allows us to easily add other kind of toplevel directives, e.g. for
global configuration options.
2020-09-09 11:00:00 +02:00
Simon Ser
af78c6600c
Add certmagic support
2020-09-08 18:24:16 +02:00
Simon Ser
c0f5ca6b39
Implement basic TCP proxy
2020-09-08 17:15:35 +02:00
Simon Ser
21eed45822
Initial commit
2020-09-08 12:11:32 +02:00