Add "tls load" frontend directive

Switch to scfg
And we get nested blocks for free.

Set PROXY protocol PP2_TYPE_SSL

Set PROXY protocol PP2_TYPE_AUTHORITY TLV

Use upstream proxyproto.HeaderProxyFromAddrs

Add the "tls.email" directive
To receive expiration warnings from Let's Encrypt.

man: fix acme_ca directive name
Fixes: e2f4dddfefbc ("Change `tls ca` to `tls acme_ca`")

man: add a "files" section

Update certmagic to fix ALPN protocols
A recent certmagic commit [1] removes the assumption that tlstunnel will
proxy HTTP 1.1 and 2 traffic.
[1]: https://github.com/caddyserver/certmagic/commit/3e4c11b75f17b664798de9d2a6e5ca76bbcbaf45

build: fix quoting typo
Quoting after the equal sign isn't recognized by the Go toolchain
somehow...

Add support for wildcard server names in frontend directives
This adds support for matching incoming TLS connections to the
corresponding frontend when the frontend has a wildcard server name.
This does not add support for generating wildcard certificates from
Let's Encrypt, which requires DNS challenges.

Don't try to guess listening address
Always listen on all hosts. Only use the host part of a frontend
address for TLS cert names.
Customizing the listen host will be better done with a `bind`
directive, like Caddy does.

Store certificates in /var/lib/tlstunnel by default

build: fix clean target not removing man page

build: use SYSCONFDIR for default config path

build: simplify Makefile paths

Move back directive processing to tlstunnel package

Move executable to cmd/tlstunnel
This allows us to expose the toplevel tlstunnel package.

Export Server.acmeManager

Rename Parse and Load to {Parse,Load}Config