Commit Graph

77 Commits

Author SHA1 Message Date
delthas b19939408c
Add support for wildcard server names in frontend directives
This adds support for matching incoming TLS connections to the
corresponding frontend when the frontend has a wildcard server name.

This does not add support for generating wildcard certificates from
Let's Encrypt, which requires DNS challenges.
2020-09-13 10:14:28 +02:00
Simon Ser 18dd507ea5
Don't try to guess listening address
Always listen on all hosts. Only use the host part of a frontend
address for TLS cert names.

Customizing the listen host will be better done with a `bind`
directive, like Caddy does.
2020-09-12 13:41:11 +02:00
Simon Ser fd46214036
Store certificates in /var/lib/tlstunnel by default 2020-09-10 23:33:09 +02:00
Simon Ser cef64c51d6
build: fix clean target not removing man page 2020-09-10 23:31:40 +02:00
Simon Ser 399cf88146
build: use SYSCONFDIR for default config path 2020-09-10 23:22:48 +02:00
Simon Ser 51785ebdf0
build: simplify Makefile paths 2020-09-10 23:17:52 +02:00
Simon Ser 2fdea9d4ed
Move back directive processing to tlstunnel package 2020-09-10 15:05:43 +02:00
Simon Ser ec2a768909
Move executable to cmd/tlstunnel
This allows us to expose the toplevel tlstunnel package.
2020-09-10 14:49:59 +02:00
Simon Ser 6ec8fd1f15
Export Server.acmeManager 2020-09-10 14:37:59 +02:00
Simon Ser 6608aaf865
Rename Parse and Load to {Parse,Load}Config 2020-09-10 14:35:41 +02:00
Simon Ser 0dd852183a
ci: add .build.yml 2020-09-09 16:13:35 +02:00
Simon Ser b14c97724b
readme: add link to sr.ht project 2020-09-09 16:09:18 +02:00
Simon Ser 748c966d44
Add Makefile 2020-09-09 15:13:57 +02:00
Simon Ser 5d422977df
Add man page 2020-09-09 15:13:39 +02:00
Simon Ser e2f4dddfef
Change `tls ca` to `tls acme_ca`
Make it clear it's about ACME.
2020-09-09 15:08:50 +02:00
Simon Ser e3ac31414f
Add support for the PROXY protocol 2020-09-09 14:52:41 +02:00
Simon Ser f64eb89cee
Add -config flag 2020-09-09 14:17:27 +02:00
Simon Ser 9aefd1937d
readme: add basic example config 2020-09-09 14:13:04 +02:00
Simon Ser 137be93297
Add `tls ca` directive 2020-09-09 14:08:20 +02:00
Simon Ser 6ac58fe450
Don't add empty strings to list of managed certificates 2020-09-09 13:39:07 +02:00
Simon Ser f4d13a4101
Remove listen directive
The name is misleading, because we're doing some magic to figure out
what server name to obtain a certificate for. In other words,
`listen example.org:443` would actually listen without binding to a
particular IP address (same as `listen :443`).
2020-09-09 13:18:18 +02:00
Simon Ser 758cac1f77
Allow to route to different backend depending on SNI 2020-09-09 13:15:03 +02:00
Simon Ser 728c5fcf17
Fix empty name in config block directive 2020-09-09 13:05:00 +02:00
Simon Ser 8d2b9202b5
Require frontend blocks to have the name "frontend"
This allows us to easily add other kinds of toplevel directives, e.g. for
global configuration options.
2020-09-09 11:00:00 +02:00
Simon Ser af78c6600c
Add certmagic support 2020-09-08 18:24:16 +02:00
Simon Ser c0f5ca6b39
Implement basic TCP proxy 2020-09-08 17:15:35 +02:00
Simon Ser 21eed45822
Initial commit 2020-09-08 12:11:32 +02:00