mirror/tlstunnel
1
1
Fork 0
mirror of https://git.sr.ht/~emersion/tlstunnel synced 2024-11-19 15:53:50 +01:00
Code
104 Commits 3 Branches 7 Tags 357 KiB
c3623f6b38
Commit Graph

104 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Lebreux
c3623f6b38 Add client_auth directive 2024-05-09 09:07:12 +02:00
Tom Lebreux
c888547e5b Remove file limit bump 
Starting with Go 1.19 [0] the file limit is increased by default.

[0]: 8427429c59
 2024-05-09 09:03:55 +02:00
Tom Lebreux
109d44b113 Remove unused function 2024-05-07 16:23:18 +02:00
Simon Ser
70551807b9 Use scfg unmarshaler to load config file 2024-04-14 23:38:57 +02:00
Simon Ser
3ad17069a0 Bump minimum Go version to 1.18 2024-03-12 09:44:36 +01:00
Simon Ser
d76c3fd129 Upgrade dependencies 2024-03-12 09:41:10 +01:00
Simon Ser
c9b1afde55 Add support for DNS UPDATE 
Closes: https://todo.sr.ht/~emersion/tlstunnel/25
v0.3.0 		2023-11-20 15:46:32 +01:00
Simon Ser
37aeff9b6d Evict unused unmanaged certs from cache on reload 2023-11-20 15:40:42 +01:00
Simon Ser
bbdaec6b98 Fix initial capacity of new managed names map 2023-11-20 15:36:04 +01:00
Simon Ser
e70de7eed9 Upgrade dependencies 2023-11-20 15:34:03 +01:00
Simon Ser
60cab19e46 Don't print nil connection errors 2023-02-20 14:40:44 +01:00
delthas
d314adee59 Add support for backend PROXY protocol v1 
This is enabled with backend /* ... */ { proxy_version 1 }
 2023-02-09 15:28:44 +01:00
Simon Ser
84ae2e62d6 Show more errors without -debug 
Some errors should be surfaced back even without -debug: for
instance, failure to connect to the backend.
 2023-01-27 11:04:36 +01:00
Simon Ser
151e7cf586 Add support for certificate fingerprint pinning 2023-01-27 10:55:53 +01:00
Simon Ser
ce4e23e5d8 man: only one URI can be supplied to the backend directive 
Multiple URIs is something worth supporting, but we're not there
yet.
 2023-01-27 10:39:52 +01:00
Simon Ser
86308c9780 Fix ACME DNS challenge for top-level domains in a zone 
e.g. "*.emersion.fr" when the zone is "emersion.fr".

Fixes: 662136ea745b ("Add support for ACME DNS hooks")
 2023-01-26 19:14:08 +01:00
Simon Ser
662136ea74 Add support for ACME DNS hooks 
Closes: https://todo.sr.ht/~emersion/tlstunnel/2
 2023-01-26 17:04:45 +01:00
Simon Ser
3fd3471799 Silence connection errors by default 
Often times the connection-level errors clutter the logs, for
instance with failed TLS handshakes or unknown hostname.
 2023-01-26 11:43:59 +01:00
Simon Ser
bb3c49e3b5 readme: restrict CI badge to master branch 2023-01-12 19:29:33 +01:00
Simon Ser
2eeb3e87a5 Upgrade dependencies v0.2.0 2022-11-16 16:54:30 +01:00
Simon Ser
bf12dd3871 Use net.ErrClosed 2022-07-07 10:55:25 +02:00
Simon Ser
bc53657f5d Upgrade certmagic to v0.16 2022-07-07 10:49:10 +02:00
Simon Ser
9a879327c3 Disallow frontends without any listening address 2022-06-25 11:46:14 +02:00
Simon Ser
d1812162a8 Add listen directive 
This provides a multi-line way to list addresses.
 2022-06-25 11:43:16 +02:00
Simon Ser
826cbd7fe1 Log net.Listener.Close errors v0.1.4 2022-02-03 10:42:06 +01:00
Simon Ser
859c993a82 Retry on temporary net.Listener failure 
Instead of stopping to listen, retry on temporary failure. This
can happen when running out of FDs.
 2022-02-03 10:36:08 +01:00
Simon Ser
759013750f Bump RLIMIT_NOFILE 
We're a TCP server, we'll handle potentially a lot of FDs.

See https://0pointer.net/blog/file-descriptor-limits.html
 2022-02-03 10:27:16 +01:00
Simon Ser
4bf50457dc Ignore EOF on tls.Conn.Handshake 
This happens when using the tls-alpn-01 challange.
 2022-02-03 10:22:53 +01:00
Simon Ser
47f87cf2fc Upgrade dependencies 
Gives us certmagic v0.15.3.
 2022-02-03 09:30:06 +01:00
Simon Ser
9d00800892 readme: s/Freenode/Libera Chat/ v0.1.3 2021-12-05 19:36:29 +01:00
Simon Ser
836cb8f3bd Upgrade dependencies 2021-11-25 09:51:09 +01:00
Simon Ser
eda551a4d7 man: fix scdoc syntax error 2021-08-16 15:50:07 +02:00
Simon Ser
4a3a54c39a Upgrade dependencies v0.1.2 2021-08-04 10:52:10 +02:00
Simon Ser
1ce99b8735 man: expand on wildcards and ALPN 2021-08-04 10:52:10 +02:00
Simon Ser
615fb32fda Put managed names in an allow-list for validate_command 2021-08-03 15:27:02 +02:00
Simon Ser
a154e708fc build: prevent rebuild on install v0.1.1 2021-07-24 17:03:02 +02:00
Simon Ser
df92b86604 contrib/systemd: add template files 2021-07-24 15:40:24 +02:00
Simon Ser
abe91778bd man: add some hand-holding for terminal URL recognition 2021-03-06 09:42:14 +01:00
Simon Ser
f7d73a65b5 build: make tlstunnel target PHONY 2021-02-19 14:56:00 +01:00
Simon Ser
c5d8549b09 Protect acmeCache.config with atomic.Value 
GetConfigForCert can be called from multiple goroutines.
v0.1.0 		2021-02-18 18:20:47 +01:00
Simon Ser
649ef6f327 Increase TLS handshake timeout 
On-demand certificates can make the handshake pretty slow. It takes
about 5s on my setup.
 2021-02-18 18:16:10 +01:00
Simon Ser
f8542ebcee Unmanage certificates when no longer needed 2021-02-18 18:10:51 +01:00
Simon Ser
b2d456d17e Upgrade certmagic 
Upgrade to caddy's pinned version.
 2021-02-18 18:09:17 +01:00
Simon Ser
14bdfb49f3 Add downstream TLS handshake timeout 2021-02-18 17:50:34 +01:00
Simon Ser
8ce6fc38f2 Avoid half-open TCP connections 2021-02-18 16:16:04 +01:00
Simon Ser
f0bd8e9214 Fix tls-alpn-01 challenge errors 
certmagic's NextProtos contains acmez.ACMETLS1Protocol. We mustn't
overwrite it, otherwise tls-alpn-01 challenges will fail.
 2021-02-18 16:05:45 +01:00
Simon Ser
79a1a67994 Add more context to errors 2021-02-18 16:02:45 +01:00
Simon Ser
36ae57103c
Add tls on_demand validate_command 2021-02-17 19:44:57 +01:00
Simon Ser
0fb214afc1
Stop certmagic cache on shutdown 2021-02-17 18:45:14 +01:00
Simon Ser
3764c75098
Expand on_demand docs 2021-02-17 18:43:36 +01:00