Commit Graph

39 Commits

Author SHA1 Message Date
Simon Ser 859c993a82 Retry on temporary net.Listener failure
Instead of stopping to listen, retry on temporary failure. This
can happen when running out of FDs.
2022-02-03 10:36:08 +01:00
Simon Ser 4bf50457dc Ignore EOF on tls.Conn.Handshake
This happens when using the tls-alpn-01 challange.
2022-02-03 10:22:53 +01:00
Simon Ser c5d8549b09 Protect acmeCache.config with atomic.Value
GetConfigForCert can be called from multiple goroutines.
2021-02-18 18:20:47 +01:00
Simon Ser 649ef6f327 Increase TLS handshake timeout
On-demand certificates can make the handshake pretty slow. It takes
about 5s on my setup.
2021-02-18 18:16:10 +01:00
Simon Ser f8542ebcee Unmanage certificates when no longer needed 2021-02-18 18:10:51 +01:00
Simon Ser b2d456d17e Upgrade certmagic
Upgrade to caddy's pinned version.
2021-02-18 18:09:17 +01:00
Simon Ser 14bdfb49f3 Add downstream TLS handshake timeout 2021-02-18 17:50:34 +01:00
Simon Ser 8ce6fc38f2 Avoid half-open TCP connections 2021-02-18 16:16:04 +01:00
Simon Ser f0bd8e9214 Fix tls-alpn-01 challenge errors
certmagic's NextProtos contains acmez.ACMETLS1Protocol. We mustn't
overwrite it, otherwise tls-alpn-01 challenges will fail.
2021-02-18 16:05:45 +01:00
Simon Ser 79a1a67994 Add more context to errors 2021-02-18 16:02:45 +01:00
Simon Ser 0fb214afc1
Stop certmagic cache on shutdown 2021-02-17 18:45:14 +01:00
Simon Ser ac17fe976b
Initialize certmagic in Server.Start
This allows directives to change ACMEConfig or ACMEManager before
the server is started.
2021-02-17 18:33:07 +01:00
minus 4548a7fe65
Add config reloading
Instead of updating the configuration, we configure a new Server instance and
then migrate Listeners that still exist to it. Open client connections are
left completely untouched.

Closes https://todo.sr.ht/~emersion/tlstunnel/1
2021-01-07 16:35:03 +01:00
minus 09d28676a6
Remove unused Server reference 2020-12-11 11:50:47 +01:00
Simon Ser d2dffca48f
go fmt 2020-12-08 17:03:58 +01:00
Simon Ser e8f71081cb
Add support for ALPN
Closes: https://todo.sr.ht/~emersion/tlstunnel/11
2020-11-09 20:33:00 +01:00
Simon Ser 64285842fe
Revert "readme: fix issue tracker link"
This reverts commit 30dc7be08e.

This commit contains WIP changes committed by mistake.
2020-11-06 16:36:47 +01:00
Simon Ser 30dc7be08e
readme: fix issue tracker link 2020-11-05 17:36:07 +01:00
Simon Ser 7b0912cf3c
Add support for TLS backends
Closes: https://todo.sr.ht/~emersion/tlstunnel/6
2020-10-31 10:34:02 +01:00
Simon Ser 43f434be84
Update to go-proxyproto v0.3.0 2020-10-29 14:21:03 +01:00
Simon Ser 4684feb935
Move ACME logger setup to cmd/tlstunnel
This will allow us to customize the logger options depending on CLI
flags.
2020-10-28 12:09:30 +01:00
delthas 55fdebc9b7
Enable certmagic logging 2020-10-28 11:53:01 +01:00
Simon Ser e532059dfa
Drop TODO regarding ACME HTTP challenges 2020-10-21 15:24:25 +02:00
Simon Ser b5b6bba5e4
Add "tls load" frontend directive 2020-10-19 17:27:29 +02:00
Simon Ser a2bf967da7
Switch to scfg
And we get nested blocks for free.
2020-10-19 16:47:50 +02:00
Simon Ser aae358811d
Set PROXY protocol PP2_TYPE_SSL 2020-10-09 14:45:55 +02:00
Simon Ser 1f16053334
Set PROXY protocol PP2_TYPE_AUTHORITY TLV 2020-10-09 12:21:19 +02:00
Simon Ser 79e331e8c2
Use upstream proxyproto.HeaderProxyFromAddrs 2020-10-09 12:05:22 +02:00
delthas b19939408c
Add support for wildcard server names in frontend directives
This adds support for matching incoming TLS connections to the
corresponding frontend when the frontend has a wildcard server name.

This does not add support for generating wildcard certificates from
Let's Encrypt, which requires DNS challenges.
2020-09-13 10:14:28 +02:00
Simon Ser fd46214036
Store certificates in /var/lib/tlstunnel by default 2020-09-10 23:33:09 +02:00
Simon Ser 2fdea9d4ed
Move back directive processing to tlstunnel package 2020-09-10 15:05:43 +02:00
Simon Ser ec2a768909
Move executable to cmd/tlstunnel
This allows us to expose the toplevel tlstunnel package.
2020-09-10 14:49:59 +02:00
Simon Ser 6ec8fd1f15
Export Server.acmeManager 2020-09-10 14:37:59 +02:00
Simon Ser e3ac31414f
Add support for the PROXY protocol 2020-09-09 14:52:41 +02:00
Simon Ser 137be93297
Add `tls ca` directive 2020-09-09 14:08:20 +02:00
Simon Ser 6ac58fe450
Don't add empty strings to list of managed certificates 2020-09-09 13:39:07 +02:00
Simon Ser 758cac1f77
Allow to route to different backend depending on SNI 2020-09-09 13:15:03 +02:00
Simon Ser af78c6600c
Add certmagic support 2020-09-08 18:24:16 +02:00
Simon Ser c0f5ca6b39
Implement basic TCP proxy 2020-09-08 17:15:35 +02:00