Simon Ser
84ae2e62d6
Show more errors without -debug
...
Some errors should be surfaced back even without -debug: for
instance, failure to connect to the backend.
2023-01-27 11:04:36 +01:00
Simon Ser
151e7cf586
Add support for certificate fingerprint pinning
2023-01-27 10:55:53 +01:00
Simon Ser
ce4e23e5d8
man: only one URI can be supplied to the backend directive
...
Multiple URIs is something worth supporting, but we're not there
yet.
2023-01-27 10:39:52 +01:00
Simon Ser
86308c9780
Fix ACME DNS challenge for top-level domains in a zone
...
e.g. "*.emersion.fr" when the zone is "emersion.fr".
Fixes: 662136ea74 ("Add support for ACME DNS hooks")
2023-01-26 19:14:08 +01:00
Simon Ser
662136ea74
Add support for ACME DNS hooks
...
Closes: https://todo.sr.ht/~emersion/tlstunnel/2
2023-01-26 17:04:45 +01:00
Simon Ser
3fd3471799
Silence connection errors by default
...
Often times the connection-level errors clutter the logs, for
instance with failed TLS handshakes or unknown hostname.
2023-01-26 11:43:59 +01:00
Simon Ser
bb3c49e3b5
readme: restrict CI badge to master branch
2023-01-12 19:29:33 +01:00
Simon Ser
2eeb3e87a5
Upgrade dependencies
2022-11-16 16:54:30 +01:00
Simon Ser
bf12dd3871
Use net.ErrClosed
2022-07-07 10:55:25 +02:00
Simon Ser
bc53657f5d
Upgrade certmagic to v0.16
2022-07-07 10:49:10 +02:00
Simon Ser
9a879327c3
Disallow frontends without any listening address
2022-06-25 11:46:14 +02:00
Simon Ser
d1812162a8
Add listen directive
...
This provides a multi-line way to list addresses.
2022-06-25 11:43:16 +02:00
Simon Ser
826cbd7fe1
Log net.Listener.Close errors
2022-02-03 10:42:06 +01:00
Simon Ser
859c993a82
Retry on temporary net.Listener failure
...
Instead of stopping to listen, retry on temporary failure. This
can happen when running out of FDs.
2022-02-03 10:36:08 +01:00
Simon Ser
759013750f
Bump RLIMIT_NOFILE
...
We're a TCP server, we'll handle potentially a lot of FDs.
See https://0pointer.net/blog/file-descriptor-limits.html
2022-02-03 10:27:16 +01:00
Simon Ser
4bf50457dc
Ignore EOF on tls.Conn.Handshake
...
This happens when using the tls-alpn-01 challenge.
2022-02-03 10:22:53 +01:00
Simon Ser
47f87cf2fc
Upgrade dependencies
...
Gives us certmagic v0.15.3.
2022-02-03 09:30:06 +01:00
Simon Ser
9d00800892
readme: s/Freenode/Libera Chat/
2021-12-05 19:36:29 +01:00
Simon Ser
836cb8f3bd
Upgrade dependencies
2021-11-25 09:51:09 +01:00
Simon Ser
eda551a4d7
man: fix scdoc syntax error
2021-08-16 15:50:07 +02:00
Simon Ser
4a3a54c39a
Upgrade dependencies
2021-08-04 10:52:10 +02:00
Simon Ser
1ce99b8735
man: expand on wildcards and ALPN
2021-08-04 10:52:10 +02:00
Simon Ser
615fb32fda
Put managed names in an allow-list for validate_command
2021-08-03 15:27:02 +02:00
Simon Ser
a154e708fc
build: prevent rebuild on install
2021-07-24 17:03:02 +02:00
Simon Ser
df92b86604
contrib/systemd: add template files
2021-07-24 15:40:24 +02:00
Simon Ser
abe91778bd
man: add some hand-holding for terminal URL recognition
2021-03-06 09:42:14 +01:00
Simon Ser
f7d73a65b5
build: make tlstunnel target PHONY
2021-02-19 14:56:00 +01:00
Simon Ser
c5d8549b09
Protect acmeCache.config with atomic.Value
...
GetConfigForCert can be called from multiple goroutines.
2021-02-18 18:20:47 +01:00
Simon Ser
649ef6f327
Increase TLS handshake timeout
...
On-demand certificates can make the handshake pretty slow. It takes
about 5s on my setup.
2021-02-18 18:16:10 +01:00
Simon Ser
f8542ebcee
Unmanage certificates when no longer needed
2021-02-18 18:10:51 +01:00
Simon Ser
b2d456d17e
Upgrade certmagic
...
Upgrade to caddy's pinned version.
2021-02-18 18:09:17 +01:00
Simon Ser
14bdfb49f3
Add downstream TLS handshake timeout
2021-02-18 17:50:34 +01:00
Simon Ser
8ce6fc38f2
Avoid half-open TCP connections
2021-02-18 16:16:04 +01:00
Simon Ser
f0bd8e9214
Fix tls-alpn-01 challenge errors
...
certmagic's NextProtos contains acmez.ACMETLS1Protocol. We mustn't
overwrite it, otherwise tls-alpn-01 challenges will fail.
2021-02-18 16:05:45 +01:00
Simon Ser
79a1a67994
Add more context to errors
2021-02-18 16:02:45 +01:00
Simon Ser
36ae57103c
Add `tls on_demand validate_command`
2021-02-17 19:44:57 +01:00
Simon Ser
0fb214afc1
Stop certmagic cache on shutdown
2021-02-17 18:45:14 +01:00
Simon Ser
3764c75098
Expand on_demand docs
2021-02-17 18:43:36 +01:00
Simon Ser
f7fc805026
Fix SIGINT handling
...
Go's not very helpful here.
2021-02-17 18:37:30 +01:00
Simon Ser
373453ff23
Add `tls on_demand`
2021-02-17 18:34:13 +01:00
Simon Ser
ac17fe976b
Initialize certmagic in Server.Start
...
This allows directives to change ACMEConfig or ACMEManager before
the server is started.
2021-02-17 18:33:07 +01:00
Simon Ser
90ac861b52
Update dependencies
2021-02-17 18:18:14 +01:00
minus
4548a7fe65
Add config reloading
...
Instead of updating the configuration, we configure a new Server instance and
then migrate Listeners that still exist to it. Open client connections are
left completely untouched.
Closes https://todo.sr.ht/~emersion/tlstunnel/1
2021-01-07 16:35:03 +01:00
minus
09d28676a6
Remove unused Server reference
2020-12-11 11:50:47 +01:00
Simon Ser
d2dffca48f
go fmt
2020-12-08 17:03:58 +01:00
Simon Ser
e8f71081cb
Add support for ALPN
...
Closes: https://todo.sr.ht/~emersion/tlstunnel/11
2020-11-09 20:33:00 +01:00
Simon Ser
64285842fe
Revert "readme: fix issue tracker link"
...
This reverts commit 30dc7be08e.
This commit contains WIP changes committed by mistake.
2020-11-06 16:36:47 +01:00
minus
26d1574702
Fix Unix socket backend config
2020-11-06 16:35:06 +01:00
Simon Ser
30dc7be08e
readme: fix issue tracker link
2020-11-05 17:36:07 +01:00
Simon Ser
dab2eb4449
readme: add contributing section
2020-11-05 17:01:55 +01:00