Simon Ser
37aeff9b6d
Evict unused unmanaged certs from cache on reload
2023-11-20 15:40:42 +01:00
Simon Ser
bbdaec6b98
Fix initial capacity of new managed names map
2023-11-20 15:36:04 +01:00
Simon Ser
e70de7eed9
Upgrade dependencies
2023-11-20 15:34:03 +01:00
Simon Ser
60cab19e46
Don't print nil connection errors
2023-02-20 14:40:44 +01:00
delthas
d314adee59
Add support for backend PROXY protocol v1
...
This is enabled with backend /* ... */ { proxy_version 1 }
2023-02-09 15:28:44 +01:00
Simon Ser
84ae2e62d6
Show more errors without -debug
...
Some errors should be surfaced back even without -debug: for
instance, failure to connect to the backend.
2023-01-27 11:04:36 +01:00
Simon Ser
3fd3471799
Silence connection errors by default
...
Oftentimes the connection-level errors clutter the logs, for
instance with failed TLS handshakes or unknown hostname.
2023-01-26 11:43:59 +01:00
Simon Ser
bf12dd3871
Use net.ErrClosed
2022-07-07 10:55:25 +02:00
Simon Ser
bc53657f5d
Upgrade certmagic to v0.16
2022-07-07 10:49:10 +02:00
Simon Ser
826cbd7fe1
Log net.Listener.Close errors
2022-02-03 10:42:06 +01:00
Simon Ser
859c993a82
Retry on temporary net.Listener failure
...
Instead of stopping to listen, retry on temporary failure. This
can happen when running out of FDs.
2022-02-03 10:36:08 +01:00
Simon Ser
4bf50457dc
Ignore EOF on tls.Conn.Handshake
...
This happens when using the tls-alpn-01 challenge.
2022-02-03 10:22:53 +01:00
Simon Ser
c5d8549b09
Protect acmeCache.config with atomic.Value
...
GetConfigForCert can be called from multiple goroutines.
2021-02-18 18:20:47 +01:00
Simon Ser
649ef6f327
Increase TLS handshake timeout
...
On-demand certificates can make the handshake pretty slow. It takes
about 5s on my setup.
2021-02-18 18:16:10 +01:00
Simon Ser
f8542ebcee
Unmanage certificates when no longer needed
2021-02-18 18:10:51 +01:00
Simon Ser
b2d456d17e
Upgrade certmagic
...
Upgrade to caddy's pinned version.
2021-02-18 18:09:17 +01:00
Simon Ser
14bdfb49f3
Add downstream TLS handshake timeout
2021-02-18 17:50:34 +01:00
Simon Ser
8ce6fc38f2
Avoid half-open TCP connections
2021-02-18 16:16:04 +01:00
Simon Ser
f0bd8e9214
Fix tls-alpn-01 challenge errors
...
certmagic's NextProtos contains acmez.ACMETLS1Protocol. We mustn't
overwrite it, otherwise tls-alpn-01 challenges will fail.
2021-02-18 16:05:45 +01:00
Simon Ser
79a1a67994
Add more context to errors
2021-02-18 16:02:45 +01:00
Simon Ser
0fb214afc1
Stop certmagic cache on shutdown
2021-02-17 18:45:14 +01:00
Simon Ser
ac17fe976b
Initialize certmagic in Server.Start
...
This allows directives to change ACMEConfig or ACMEManager before
the server is started.
2021-02-17 18:33:07 +01:00
minus
4548a7fe65
Add config reloading
...
Instead of updating the configuration, we configure a new Server instance and
then migrate Listeners that still exist to it. Open client connections are
left completely untouched.
Closes https://todo.sr.ht/~emersion/tlstunnel/1
2021-01-07 16:35:03 +01:00
minus
09d28676a6
Remove unused Server reference
2020-12-11 11:50:47 +01:00
Simon Ser
d2dffca48f
go fmt
2020-12-08 17:03:58 +01:00
Simon Ser
e8f71081cb
Add support for ALPN
...
Closes: https://todo.sr.ht/~emersion/tlstunnel/11
2020-11-09 20:33:00 +01:00
Simon Ser
64285842fe
Revert "readme: fix issue tracker link"
...
This reverts commit 30dc7be08e8afa7a33da3a8228377755ae96d34a.
This commit contains WIP changes committed by mistake.
2020-11-06 16:36:47 +01:00
Simon Ser
30dc7be08e
readme: fix issue tracker link
2020-11-05 17:36:07 +01:00
Simon Ser
7b0912cf3c
Add support for TLS backends
...
Closes: https://todo.sr.ht/~emersion/tlstunnel/6
2020-10-31 10:34:02 +01:00
Simon Ser
43f434be84
Update to go-proxyproto v0.3.0
2020-10-29 14:21:03 +01:00
Simon Ser
4684feb935
Move ACME logger setup to cmd/tlstunnel
...
This will allow us to customize the logger options depending on CLI
flags.
2020-10-28 12:09:30 +01:00
delthas
55fdebc9b7
Enable certmagic logging
2020-10-28 11:53:01 +01:00
Simon Ser
e532059dfa
Drop TODO regarding ACME HTTP challenges
2020-10-21 15:24:25 +02:00
Simon Ser
b5b6bba5e4
Add "tls load" frontend directive
2020-10-19 17:27:29 +02:00
Simon Ser
a2bf967da7
Switch to scfg
...
And we get nested blocks for free.
2020-10-19 16:47:50 +02:00
Simon Ser
aae358811d
Set PROXY protocol PP2_TYPE_SSL
2020-10-09 14:45:55 +02:00
Simon Ser
1f16053334
Set PROXY protocol PP2_TYPE_AUTHORITY TLV
2020-10-09 12:21:19 +02:00
Simon Ser
79e331e8c2
Use upstream proxyproto.HeaderProxyFromAddrs
2020-10-09 12:05:22 +02:00
delthas
b19939408c
Add support for wildcard server names in frontend directives
...
This adds support for matching incoming TLS connections to the
corresponding frontend when the frontend has a wildcard server name.
This does not add support for generating wildcard certificates from
Let's Encrypt, which requires DNS challenges.
2020-09-13 10:14:28 +02:00
Simon Ser
fd46214036
Store certificates in /var/lib/tlstunnel by default
2020-09-10 23:33:09 +02:00
Simon Ser
2fdea9d4ed
Move back directive processing to tlstunnel package
2020-09-10 15:05:43 +02:00
Simon Ser
ec2a768909
Move executable to cmd/tlstunnel
...
This allows us to expose the toplevel tlstunnel package.
2020-09-10 14:49:59 +02:00
Simon Ser
6ec8fd1f15
Export Server.acmeManager
2020-09-10 14:37:59 +02:00
Simon Ser
e3ac31414f
Add support for the PROXY protocol
2020-09-09 14:52:41 +02:00
Simon Ser
137be93297
Add tls ca directive
2020-09-09 14:08:20 +02:00
Simon Ser
6ac58fe450
Don't add empty strings to list of managed certificates
2020-09-09 13:39:07 +02:00
Simon Ser
758cac1f77
Allow to route to different backend depending on SNI
2020-09-09 13:15:03 +02:00
Simon Ser
af78c6600c
Add certmagic support
2020-09-08 18:24:16 +02:00
Simon Ser
c0f5ca6b39
Implement basic TCP proxy
2020-09-08 17:15:35 +02:00