Commit Graph

79 Commits

Author SHA1 Message Date
Simon Ser 859c993a82 Retry on temporary net.Listener failure
Instead of stopping to listen, retry on temporary failure. This
can happen when running out of FDs.
2022-02-03 10:36:08 +01:00
Simon Ser 759013750f Bump RLIMIT_NOFILE
We're a TCP server, we'll handle potentially a lot of FDs.

See https://0pointer.net/blog/file-descriptor-limits.html
2022-02-03 10:27:16 +01:00
Simon Ser 4bf50457dc Ignore EOF on tls.Conn.Handshake
This happens when using the tls-alpn-01 challenge.
2022-02-03 10:22:53 +01:00
Simon Ser 47f87cf2fc Upgrade dependencies
Gives us certmagic v0.15.3.
2022-02-03 09:30:06 +01:00
Simon Ser 9d00800892 readme: s/Freenode/Libera Chat/ 2021-12-05 19:36:29 +01:00
Simon Ser 836cb8f3bd Upgrade dependencies 2021-11-25 09:51:09 +01:00
Simon Ser eda551a4d7 man: fix scdoc syntax error 2021-08-16 15:50:07 +02:00
Simon Ser 4a3a54c39a Upgrade dependencies 2021-08-04 10:52:10 +02:00
Simon Ser 1ce99b8735 man: expand on wildcards and ALPN 2021-08-04 10:52:10 +02:00
Simon Ser 615fb32fda Put managed names in an allow-list for validate_command 2021-08-03 15:27:02 +02:00
Simon Ser a154e708fc build: prevent rebuild on install 2021-07-24 17:03:02 +02:00
Simon Ser df92b86604 contrib/systemd: add template files 2021-07-24 15:40:24 +02:00
Simon Ser abe91778bd man: add some hand-holding for terminal URL recognition 2021-03-06 09:42:14 +01:00
Simon Ser f7d73a65b5 build: make tlstunnel target PHONY 2021-02-19 14:56:00 +01:00
Simon Ser c5d8549b09 Protect acmeCache.config with atomic.Value
GetConfigForCert can be called from multiple goroutines.
2021-02-18 18:20:47 +01:00
Simon Ser 649ef6f327 Increase TLS handshake timeout
On-demand certificates can make the handshake pretty slow. It takes
about 5s on my setup.
2021-02-18 18:16:10 +01:00
Simon Ser f8542ebcee Unmanage certificates when no longer needed 2021-02-18 18:10:51 +01:00
Simon Ser b2d456d17e Upgrade certmagic
Upgrade to caddy's pinned version.
2021-02-18 18:09:17 +01:00
Simon Ser 14bdfb49f3 Add downstream TLS handshake timeout 2021-02-18 17:50:34 +01:00
Simon Ser 8ce6fc38f2 Avoid half-open TCP connections 2021-02-18 16:16:04 +01:00
Simon Ser f0bd8e9214 Fix tls-alpn-01 challenge errors
certmagic's NextProtos contains acmez.ACMETLS1Protocol. We mustn't
overwrite it, otherwise tls-alpn-01 challenges will fail.
2021-02-18 16:05:45 +01:00
Simon Ser 79a1a67994 Add more context to errors 2021-02-18 16:02:45 +01:00
Simon Ser 36ae57103c
Add `tls on_demand validate_command` 2021-02-17 19:44:57 +01:00
Simon Ser 0fb214afc1
Stop certmagic cache on shutdown 2021-02-17 18:45:14 +01:00
Simon Ser 3764c75098
Expand on_demand docs 2021-02-17 18:43:36 +01:00
Simon Ser f7fc805026
Fix SIGINT handling
Go's not very helpful here.
2021-02-17 18:37:30 +01:00
Simon Ser 373453ff23
Add `tls on_demand` 2021-02-17 18:34:13 +01:00
Simon Ser ac17fe976b
Initialize certmagic in Server.Start
This allows directives to change ACMEConfig or ACMEManager before
the server is started.
2021-02-17 18:33:07 +01:00
Simon Ser 90ac861b52
Update dependencies 2021-02-17 18:18:14 +01:00
minus 4548a7fe65
Add config reloading
Instead of updating the configuration, we configure a new Server instance and
then migrate Listeners that still exist to it. Open client connections are
left completely untouched.

Closes https://todo.sr.ht/~emersion/tlstunnel/1
2021-01-07 16:35:03 +01:00
minus 09d28676a6
Remove unused Server reference 2020-12-11 11:50:47 +01:00
Simon Ser d2dffca48f
go fmt 2020-12-08 17:03:58 +01:00
Simon Ser e8f71081cb
Add support for ALPN
Closes: https://todo.sr.ht/~emersion/tlstunnel/11
2020-11-09 20:33:00 +01:00
Simon Ser 64285842fe
Revert "readme: fix issue tracker link"
This reverts commit 30dc7be08e.

This commit contains WIP changes committed by mistake.
2020-11-06 16:36:47 +01:00
minus 26d1574702
Fix Unix socket backend config 2020-11-06 16:35:06 +01:00
Simon Ser 30dc7be08e
readme: fix issue tracker link 2020-11-05 17:36:07 +01:00
Simon Ser dab2eb4449
readme: add contributing section 2020-11-05 17:01:55 +01:00
Simon Ser 7b0912cf3c
Add support for TLS backends
Closes: https://todo.sr.ht/~emersion/tlstunnel/6
2020-10-31 10:34:02 +01:00
Simon Ser 43f434be84
Update to go-proxyproto v0.3.0 2020-10-29 14:21:03 +01:00
Simon Ser 4684feb935
Move ACME logger setup to cmd/tlstunnel
This will allow us to customize the logger options depending on CLI
flags.
2020-10-28 12:09:30 +01:00
delthas 55fdebc9b7
Enable certmagic logging 2020-10-28 11:53:01 +01:00
Simon Ser e532059dfa
Drop TODO regarding ACME HTTP challenges 2020-10-21 15:24:25 +02:00
Simon Ser b5b6bba5e4
Add "tls load" frontend directive 2020-10-19 17:27:29 +02:00
Simon Ser a2bf967da7
Switch to scfg
And we get nested blocks for free.
2020-10-19 16:47:50 +02:00
Simon Ser aae358811d
Set PROXY protocol PP2_TYPE_SSL 2020-10-09 14:45:55 +02:00
Simon Ser 1f16053334
Set PROXY protocol PP2_TYPE_AUTHORITY TLV 2020-10-09 12:21:19 +02:00
Simon Ser 79e331e8c2
Use upstream proxyproto.HeaderProxyFromAddrs 2020-10-09 12:05:22 +02:00
Hubert Hirtz 3825cdccff
Add the "tls.email" directive
To receive expiration warnings from Let's Encrypt.
2020-10-08 19:07:11 +02:00
Simon Ser 86f5946603
man: fix acme_ca directive name
Fixes: e2f4dddfef ("Change `tls ca` to `tls acme_ca`")
2020-09-15 09:44:57 +02:00
Simon Ser 660ff81d32
man: add a "files" section 2020-09-15 09:42:12 +02:00