mirror of https://git.sr.ht/~emersion/tlstunnel synced 2024-11-19 15:53:50 +01:00

73 Commits

Author SHA1 Message Date
Simon Ser
eda551a4d7 man: fix scdoc syntax error 2021-08-16 15:50:07 +02:00
Simon Ser
4a3a54c39a Upgrade dependencies v0.1.2 2021-08-04 10:52:10 +02:00
Simon Ser
1ce99b8735 man: expand on wildcards and ALPN 2021-08-04 10:52:10 +02:00
Simon Ser
615fb32fda Put managed names in an allow-list for validate_command 2021-08-03 15:27:02 +02:00
Simon Ser
a154e708fc build: prevent rebuild on install v0.1.1 2021-07-24 17:03:02 +02:00
Simon Ser
df92b86604 contrib/systemd: add template files 2021-07-24 15:40:24 +02:00
Simon Ser
abe91778bd man: add some hand-holding for terminal URL recognition 2021-03-06 09:42:14 +01:00
Simon Ser
f7d73a65b5 build: make tlstunnel target PHONY 2021-02-19 14:56:00 +01:00
Simon Ser
c5d8549b09 Protect acmeCache.config with atomic.Value
GetConfigForCert can be called from multiple goroutines.
v0.1.0
2021-02-18 18:20:47 +01:00
Simon Ser
649ef6f327 Increase TLS handshake timeout
On-demand certificates can make the handshake pretty slow. It takes
about 5s on my setup.
2021-02-18 18:16:10 +01:00
Simon Ser
f8542ebcee Unmanage certificates when no longer needed 2021-02-18 18:10:51 +01:00
Simon Ser
b2d456d17e Upgrade certmagic
Upgrade to caddy's pinned version.
2021-02-18 18:09:17 +01:00
Simon Ser
14bdfb49f3 Add downstream TLS handshake timeout 2021-02-18 17:50:34 +01:00
Simon Ser
8ce6fc38f2 Avoid half-open TCP connections 2021-02-18 16:16:04 +01:00
Simon Ser
f0bd8e9214 Fix tls-alpn-01 challenge errors
certmagic's NextProtos contains acmez.ACMETLS1Protocol. We mustn't
overwrite it, otherwise tls-alpn-01 challenges will fail.
2021-02-18 16:05:45 +01:00
Simon Ser
79a1a67994 Add more context to errors 2021-02-18 16:02:45 +01:00
Simon Ser
36ae57103c
Add tls on_demand validate_command 2021-02-17 19:44:57 +01:00
Simon Ser
0fb214afc1
Stop certmagic cache on shutdown 2021-02-17 18:45:14 +01:00
Simon Ser
3764c75098
Expand on_demand docs 2021-02-17 18:43:36 +01:00
Simon Ser
f7fc805026
Fix SIGINT handling
Go's not very helpful here.
2021-02-17 18:37:30 +01:00
Simon Ser
373453ff23
Add tls on_demand 2021-02-17 18:34:13 +01:00
Simon Ser
ac17fe976b
Initialize certmagic in Server.Start
This allows directives to change ACMEConfig or ACMEManager before
the server is started.
2021-02-17 18:33:07 +01:00
Simon Ser
90ac861b52
Update dependencies 2021-02-17 18:18:14 +01:00
minus
4548a7fe65
Add config reloading
Instead of updating the configuration, we configure a new Server instance and
then migrate Listeners that still exist to it. Open client connections are
left completely untouched.

Closes https://todo.sr.ht/~emersion/tlstunnel/1
2021-01-07 16:35:03 +01:00
minus
09d28676a6
Remove unused Server reference 2020-12-11 11:50:47 +01:00
Simon Ser
d2dffca48f
go fmt 2020-12-08 17:03:58 +01:00
Simon Ser
e8f71081cb
Add support for ALPN
Closes: https://todo.sr.ht/~emersion/tlstunnel/11
2020-11-09 20:33:00 +01:00
Simon Ser
64285842fe
Revert "readme: fix issue tracker link"
This reverts commit 30dc7be08e8afa7a33da3a8228377755ae96d34a.

This commit contains WIP changes committed by mistake.
2020-11-06 16:36:47 +01:00
minus
26d1574702
Fix Unix socket backend config 2020-11-06 16:35:06 +01:00
Simon Ser
30dc7be08e
readme: fix issue tracker link 2020-11-05 17:36:07 +01:00
Simon Ser
dab2eb4449
readme: add contributing section 2020-11-05 17:01:55 +01:00
Simon Ser
7b0912cf3c
Add support for TLS backends
Closes: https://todo.sr.ht/~emersion/tlstunnel/6
2020-10-31 10:34:02 +01:00
Simon Ser
43f434be84
Update to go-proxyproto v0.3.0 2020-10-29 14:21:03 +01:00
Simon Ser
4684feb935
Move ACME logger setup to cmd/tlstunnel
This will allow us to customize the logger options depending on CLI
flags.
2020-10-28 12:09:30 +01:00
delthas
55fdebc9b7
Enable certmagic logging 2020-10-28 11:53:01 +01:00
Simon Ser
e532059dfa
Drop TODO regarding ACME HTTP challenges 2020-10-21 15:24:25 +02:00
Simon Ser
b5b6bba5e4
Add "tls load" frontend directive 2020-10-19 17:27:29 +02:00
Simon Ser
a2bf967da7
Switch to scfg
And we get nested blocks for free.
2020-10-19 16:47:50 +02:00
Simon Ser
aae358811d
Set PROXY protocol PP2_TYPE_SSL 2020-10-09 14:45:55 +02:00
Simon Ser
1f16053334
Set PROXY protocol PP2_TYPE_AUTHORITY TLV 2020-10-09 12:21:19 +02:00
Simon Ser
79e331e8c2
Use upstream proxyproto.HeaderProxyFromAddrs 2020-10-09 12:05:22 +02:00
Hubert Hirtz
3825cdccff
Add the "tls.email" directive
To receive expiration warnings from Let's Encrypt.
2020-10-08 19:07:11 +02:00
Simon Ser
86f5946603
man: fix acme_ca directive name
Fixes: e2f4dddfefbc ("Change `tls ca` to `tls acme_ca`")
2020-09-15 09:44:57 +02:00
Simon Ser
660ff81d32
man: add a "files" section 2020-09-15 09:42:12 +02:00
Simon Ser
839af3072c
Update certmagic to fix ALPN protocols
A recent certmagic commit [1] removes the assumption that tlstunnel will
proxy HTTP 1.1 and 2 traffic.

[1]: 3e4c11b75f
2020-09-14 21:37:24 +02:00
Simon Ser
245b626e64
build: fix quoting typo
Quoting after the equal sign isn't recognized by the Go toolchain
somehow...
2020-09-13 15:50:46 +02:00
delthas
b19939408c
Add support for wildcard server names in frontend directives
This adds support for matching incoming TLS connections to the
corresponding frontend when the frontend has a wildcard server name.

This does not add support for generating wildcard certificates from
Let's Encrypt, which requires DNS challenges.
2020-09-13 10:14:28 +02:00
Simon Ser
18dd507ea5
Don't try to guess listening address
Always listen on all hosts. Only use the host part of a frontend
address for TLS cert names.

Customizing the listen host will be better done with a `bind`
directive, like Caddy does.
2020-09-12 13:41:11 +02:00
Simon Ser
fd46214036
Store certificates in /var/lib/tlstunnel by default 2020-09-10 23:33:09 +02:00
Simon Ser
cef64c51d6
build: fix clean target not removing man page 2020-09-10 23:31:40 +02:00