Commit Graph

78 Commits

Author SHA1 Message Date
Simon Ser 759013750f Bump RLIMIT_NOFILE
We're a TCP server, we'll handle potentially a lot of FDs.

See https://0pointer.net/blog/file-descriptor-limits.html
2022-02-03 10:27:16 +01:00
Simon Ser 4bf50457dc Ignore EOF on tls.Conn.Handshake
This happens when using the tls-alpn-01 challange.
2022-02-03 10:22:53 +01:00
Simon Ser 47f87cf2fc Upgrade dependencies
Gives us certmagic v0.15.3.
2022-02-03 09:30:06 +01:00
Simon Ser 9d00800892 readme: s/Freenode/Libera Chat/ 2021-12-05 19:36:29 +01:00
Simon Ser 836cb8f3bd Upgrade dependencies 2021-11-25 09:51:09 +01:00
Simon Ser eda551a4d7 man: fix scdoc syntax error 2021-08-16 15:50:07 +02:00
Simon Ser 4a3a54c39a Upgrade dependencies 2021-08-04 10:52:10 +02:00
Simon Ser 1ce99b8735 man: expand on wildcards and ALPN 2021-08-04 10:52:10 +02:00
Simon Ser 615fb32fda Put managed names in an allow-list for validate_command 2021-08-03 15:27:02 +02:00
Simon Ser a154e708fc build: prevent rebuild on install 2021-07-24 17:03:02 +02:00
Simon Ser df92b86604 contrib/systemd: add template files 2021-07-24 15:40:24 +02:00
Simon Ser abe91778bd man: add some hand-holding for terminal URL recognition 2021-03-06 09:42:14 +01:00
Simon Ser f7d73a65b5 build: make tlstunnel target PHONY 2021-02-19 14:56:00 +01:00
Simon Ser c5d8549b09 Protect acmeCache.config with atomic.Value
GetConfigForCert can be called from multiple goroutines.
2021-02-18 18:20:47 +01:00
Simon Ser 649ef6f327 Increase TLS handshake timeout
On-demand certificates can make the handshake pretty slow. It takes
about 5s on my setup.
2021-02-18 18:16:10 +01:00
Simon Ser f8542ebcee Unmanage certificates when no longer needed 2021-02-18 18:10:51 +01:00
Simon Ser b2d456d17e Upgrade certmagic
Upgrade to caddy's pinned version.
2021-02-18 18:09:17 +01:00
Simon Ser 14bdfb49f3 Add downstream TLS handshake timeout 2021-02-18 17:50:34 +01:00
Simon Ser 8ce6fc38f2 Avoid half-open TCP connections 2021-02-18 16:16:04 +01:00
Simon Ser f0bd8e9214 Fix tls-alpn-01 challenge errors
certmagic's NextProtos contains acmez.ACMETLS1Protocol. We mustn't
overwrite it, otherwise tls-alpn-01 challenges will fail.
2021-02-18 16:05:45 +01:00
Simon Ser 79a1a67994 Add more context to errors 2021-02-18 16:02:45 +01:00
Simon Ser 36ae57103c
Add `tls on_demand validate_command` 2021-02-17 19:44:57 +01:00
Simon Ser 0fb214afc1
Stop certmagic cache on shutdown 2021-02-17 18:45:14 +01:00
Simon Ser 3764c75098
Expand on_demand docs 2021-02-17 18:43:36 +01:00
Simon Ser f7fc805026
Fix SIGINT handling
Go's not very helpful here.
2021-02-17 18:37:30 +01:00
Simon Ser 373453ff23
Add `tls on_demand` 2021-02-17 18:34:13 +01:00
Simon Ser ac17fe976b
Initialize certmagic in Server.Start
This allows directives to change ACMEConfig or ACMEManager before
the server is started.
2021-02-17 18:33:07 +01:00
Simon Ser 90ac861b52
Update dependencies 2021-02-17 18:18:14 +01:00
minus 4548a7fe65
Add config reloading
Instead of updating the configuration, we configure a new Server instance and
then migrate Listeners that still exist to it. Open client connections are
left completely untouched.

Closes https://todo.sr.ht/~emersion/tlstunnel/1
2021-01-07 16:35:03 +01:00
minus 09d28676a6
Remove unused Server reference 2020-12-11 11:50:47 +01:00
Simon Ser d2dffca48f
go fmt 2020-12-08 17:03:58 +01:00
Simon Ser e8f71081cb
Add support for ALPN
Closes: https://todo.sr.ht/~emersion/tlstunnel/11
2020-11-09 20:33:00 +01:00
Simon Ser 64285842fe
Revert "readme: fix issue tracker link"
This reverts commit 30dc7be08e.

This commit contains WIP changes committed by mistake.
2020-11-06 16:36:47 +01:00
minus 26d1574702
Fix Unix socket backend config 2020-11-06 16:35:06 +01:00
Simon Ser 30dc7be08e
readme: fix issue tracker link 2020-11-05 17:36:07 +01:00
Simon Ser dab2eb4449
readme: add contributing section 2020-11-05 17:01:55 +01:00
Simon Ser 7b0912cf3c
Add support for TLS backends
Closes: https://todo.sr.ht/~emersion/tlstunnel/6
2020-10-31 10:34:02 +01:00
Simon Ser 43f434be84
Update to go-proxyproto v0.3.0 2020-10-29 14:21:03 +01:00
Simon Ser 4684feb935
Move ACME logger setup to cmd/tlstunnel
This will allow us to customize the logger options depending on CLI
flags.
2020-10-28 12:09:30 +01:00
delthas 55fdebc9b7
Enable certmagic logging 2020-10-28 11:53:01 +01:00
Simon Ser e532059dfa
Drop TODO regarding ACME HTTP challenges 2020-10-21 15:24:25 +02:00
Simon Ser b5b6bba5e4
Add "tls load" frontend directive 2020-10-19 17:27:29 +02:00
Simon Ser a2bf967da7
Switch to scfg
And we get nested blocks for free.
2020-10-19 16:47:50 +02:00
Simon Ser aae358811d
Set PROXY protocol PP2_TYPE_SSL 2020-10-09 14:45:55 +02:00
Simon Ser 1f16053334
Set PROXY protocol PP2_TYPE_AUTHORITY TLV 2020-10-09 12:21:19 +02:00
Simon Ser 79e331e8c2
Use upstream proxyproto.HeaderProxyFromAddrs 2020-10-09 12:05:22 +02:00
Hubert Hirtz 3825cdccff
Add the "tls.email" directive
To receive expiration warnings from Let's Encrypt.
2020-10-08 19:07:11 +02:00
Simon Ser 86f5946603
man: fix acme_ca directive name
Fixes: e2f4dddfef ("Change `tls ca` to `tls acme_ca`")
2020-09-15 09:44:57 +02:00
Simon Ser 660ff81d32
man: add a "files" section 2020-09-15 09:42:12 +02:00
Simon Ser 839af3072c
Update certmagic to fix ALPN protocols
A recent certmagic commit [1] removes the assumption that tlstunnel will
proxy HTTP 1.1 and 2 traffic.

[1]: 3e4c11b75f
2020-09-14 21:37:24 +02:00