mirror of https://git.sr.ht/~emersion/tlstunnel synced 2024-03-28 10:20:08 +01:00
Commit Graph

100 Commits

Author SHA1 Message Date
Simon Ser 3ad17069a0 Bump minimum Go version to 1.18 2024-03-12 09:44:36 +01:00
Simon Ser d76c3fd129 Upgrade dependencies 2024-03-12 09:41:10 +01:00
Simon Ser c9b1afde55 Add support for DNS UPDATE
Closes: https://todo.sr.ht/~emersion/tlstunnel/25
2023-11-20 15:46:32 +01:00
Simon Ser 37aeff9b6d Evict unused unmanaged certs from cache on reload 2023-11-20 15:40:42 +01:00
Simon Ser bbdaec6b98 Fix initial capacity of new managed names map 2023-11-20 15:36:04 +01:00
Simon Ser e70de7eed9 Upgrade dependencies 2023-11-20 15:34:03 +01:00
Simon Ser 60cab19e46 Don't print nil connection errors 2023-02-20 14:40:44 +01:00
delthas d314adee59 Add support for backend PROXY protocol v1
This is enabled with backend /* ... */ { proxy_version 1 }
2023-02-09 15:28:44 +01:00
Simon Ser 84ae2e62d6 Show more errors without -debug
Some errors should be surfaced back even without -debug: for
instance, failure to connect to the backend.
2023-01-27 11:04:36 +01:00
Simon Ser 151e7cf586 Add support for certificate fingerprint pinning 2023-01-27 10:55:53 +01:00
Simon Ser ce4e23e5d8 man: only one URI can be supplied to the backend directive
Multiple URIs is something worth supporting, but we're not there
yet.
2023-01-27 10:39:52 +01:00
Simon Ser 86308c9780 Fix ACME DNS challenge for top-level domains in a zone
e.g. "*.emersion.fr" when the zone is "emersion.fr".

Fixes: 662136ea74 ("Add support for ACME DNS hooks")
2023-01-26 19:14:08 +01:00
Simon Ser 662136ea74 Add support for ACME DNS hooks
Closes: https://todo.sr.ht/~emersion/tlstunnel/2
2023-01-26 17:04:45 +01:00
Simon Ser 3fd3471799 Silence connection errors by default
Often times the connection-level errors clutter the logs, for
instance with failed TLS handshakes or unknown hostname.
2023-01-26 11:43:59 +01:00
Simon Ser bb3c49e3b5 readme: restrict CI badge to master branch 2023-01-12 19:29:33 +01:00
Simon Ser 2eeb3e87a5 Upgrade dependencies 2022-11-16 16:54:30 +01:00
Simon Ser bf12dd3871 Use net.ErrClosed 2022-07-07 10:55:25 +02:00
Simon Ser bc53657f5d Upgrade certmagic to v0.16 2022-07-07 10:49:10 +02:00
Simon Ser 9a879327c3 Disallow frontends without any listening address 2022-06-25 11:46:14 +02:00
Simon Ser d1812162a8 Add listen directive
This provides a multi-line way to list addresses.
2022-06-25 11:43:16 +02:00
Simon Ser 826cbd7fe1 Log net.Listener.Close errors 2022-02-03 10:42:06 +01:00
Simon Ser 859c993a82 Retry on temporary net.Listener failure
Instead of stopping to listen, retry on temporary failure. This
can happen when running out of FDs.
2022-02-03 10:36:08 +01:00
Simon Ser 759013750f Bump RLIMIT_NOFILE
We're a TCP server, we'll handle potentially a lot of FDs.

See https://0pointer.net/blog/file-descriptor-limits.html
2022-02-03 10:27:16 +01:00
Simon Ser 4bf50457dc Ignore EOF on tls.Conn.Handshake
This happens when using the tls-alpn-01 challenge.
2022-02-03 10:22:53 +01:00
Simon Ser 47f87cf2fc Upgrade dependencies
Gives us certmagic v0.15.3.
2022-02-03 09:30:06 +01:00
Simon Ser 9d00800892 readme: s/Freenode/Libera Chat/ 2021-12-05 19:36:29 +01:00
Simon Ser 836cb8f3bd Upgrade dependencies 2021-11-25 09:51:09 +01:00
Simon Ser eda551a4d7 man: fix scdoc syntax error 2021-08-16 15:50:07 +02:00
Simon Ser 4a3a54c39a Upgrade dependencies 2021-08-04 10:52:10 +02:00
Simon Ser 1ce99b8735 man: expand on wildcards and ALPN 2021-08-04 10:52:10 +02:00
Simon Ser 615fb32fda Put managed names in an allow-list for validate_command 2021-08-03 15:27:02 +02:00
Simon Ser a154e708fc build: prevent rebuild on install 2021-07-24 17:03:02 +02:00
Simon Ser df92b86604 contrib/systemd: add template files 2021-07-24 15:40:24 +02:00
Simon Ser abe91778bd man: add some hand-holding for terminal URL recognition 2021-03-06 09:42:14 +01:00
Simon Ser f7d73a65b5 build: make tlstunnel target PHONY 2021-02-19 14:56:00 +01:00
Simon Ser c5d8549b09 Protect acmeCache.config with atomic.Value
GetConfigForCert can be called from multiple goroutines.
2021-02-18 18:20:47 +01:00
Simon Ser 649ef6f327 Increase TLS handshake timeout
On-demand certificates can make the handshake pretty slow. It takes
about 5s on my setup.
2021-02-18 18:16:10 +01:00
Simon Ser f8542ebcee Unmanage certificates when no longer needed 2021-02-18 18:10:51 +01:00
Simon Ser b2d456d17e Upgrade certmagic
Upgrade to caddy's pinned version.
2021-02-18 18:09:17 +01:00
Simon Ser 14bdfb49f3 Add downstream TLS handshake timeout 2021-02-18 17:50:34 +01:00
Simon Ser 8ce6fc38f2 Avoid half-open TCP connections 2021-02-18 16:16:04 +01:00
Simon Ser f0bd8e9214 Fix tls-alpn-01 challenge errors
certmagic's NextProtos contains acmez.ACMETLS1Protocol. We mustn't
overwrite it, otherwise tls-alpn-01 challenges will fail.
2021-02-18 16:05:45 +01:00
Simon Ser 79a1a67994 Add more context to errors 2021-02-18 16:02:45 +01:00
Simon Ser 36ae57103c Add `tls on_demand validate_command` 2021-02-17 19:44:57 +01:00
Simon Ser 0fb214afc1 Stop certmagic cache on shutdown 2021-02-17 18:45:14 +01:00
Simon Ser 3764c75098 Expand on_demand docs 2021-02-17 18:43:36 +01:00
Simon Ser f7fc805026 Fix SIGINT handling
Go's not very helpful here.
2021-02-17 18:37:30 +01:00
Simon Ser 373453ff23 Add `tls on_demand` 2021-02-17 18:34:13 +01:00
Simon Ser ac17fe976b Initialize certmagic in Server.Start
This allows directives to change ACMEConfig or ACMEManager before
the server is started.
2021-02-17 18:33:07 +01:00
Simon Ser 90ac861b52 Update dependencies 2021-02-17 18:18:14 +01:00