~emersion/tlstunnel

ref: 4684feb935a8ca58f4eb96afb29ef23fb6ccc1c6 tlstunnel/cmd/tlstunnel/main.go -rw-r--r-- 1.2 KiB
Move ACME logger setup to cmd/tlstunnel

This will allow us to customize the logger options depending on CLI
flags.
Switch to scfg

And we get nested blocks for free.
Don't try to guess listening address

Always listen on all hosts. Only use the host part of a frontend
address for TLS cert names.

Customizing the listen host will be better done with a `bind`
directive, like Caddy does.
Store certificates in /var/lib/tlstunnel by default
Move back directive processing to tlstunnel package
Move executable to cmd/tlstunnel

This allows us to expose the toplevel tlstunnel package.
Export Server.acmeManager
Rename Parse and Load to {Parse,Load}Config
Change `tls ca` to `tls acme_ca`

Make it clear it's about ACME.
Add support for the PROXY protocol
Add -config flag
Add `tls ca` directive
Don't add empty strings to list of managed certificates
Remove listen directive

The name is misleading, because we're doing some magic to figure out
what server name to obtain a certificate for. In other words,
`listen example.org:443` would actually listen without binding to a
particular IP address (same as `listen :443`).
Allow routing to different backends depending on SNI
Require frontend blocks to have the name "frontend"

This allows us to easily add other kinds of toplevel directives, e.g. for
global configuration options.
Add certmagic support
Implement basic TCP proxy
Initial commit